Re: Can SSL sessions be compromised?
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 06 Apr 2007 11:51:54 -0500
Anne & Lynn Wheeler <lynn@xxxxxxxxxx> writes:
comphelp@xxxxxxxxx (Todd H.) writes:
Specify a version level of SSL (greater than known-weak SSL v 2.0)
that this applies to, or a specific implementation's flaw, cite
re:
http://www.garlic.com/~lynn/2007g.html#32 Can SSL sessions be compromised?
http://www.garlic.com/~lynn/2007g.html#38 Can SSL sessions be compromised?
SSL is suppose to do two things ... 1) are you really talking to the
webserver that you think you are talking to and 2) hide/encrypt
information during transmission.
the attacks that I'm aware have been with regard to the first item
... including allowing various kinds of MITM-attacks (as mentioned
in previous posts).
recent post about MITM-attack
http://www.garlic.com/~lynn/aadsm26.htm#47 SSL MITM-attacks make the news
as well blog discussion
THREATWATCH: MITB SPOTTED: MITM OVER SSL FROM WITHIN THE BROWSER
https://financialcryptography.com/mt/archives/000884.html
MITM, is indeed relatively simple with SSL.
The silly post I replied which you trimmed implied weakness in the
encryption, which if it actually exists must be a compromise that is
very tightly held.
Best Regards,
--
Todd H.
http://www.toddh.net/
.
- Follow-Ups:
- Re: Can SSL sessions be compromised?
- From: Anne & Lynn Wheeler
- Re: Can SSL sessions be compromised?
- References:
- Can SSL sessions be compromised?
- From: Powercat
- Re: Can SSL sessions be compromised?
- From: Anne & Lynn Wheeler
- Re: Can SSL sessions be compromised?
- From: buy
- Re: Can SSL sessions be compromised?
- From: Todd H.
- Re: Can SSL sessions be compromised?
- From: Anne & Lynn Wheeler
- Can SSL sessions be compromised?
- Prev by Date: Re: Can SSL sessions be compromised?
- Next by Date: Re: Can SSL sessions be compromised?
- Previous by thread: Re: Can SSL sessions be compromised?
- Next by thread: Re: Can SSL sessions be compromised?
- Index(es):
Relevant Pages
|
|
