Forum latest

Scramble on to fix flaw in SSL security protocol
Written by Daniel   
Thursday, 05 November 2009 17:10

From Computer World

Inadvertent disclosure forces vendors to speed effort to produce a fix

IDG News Service - Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet.

The flaw lies in the Secure Sockets Layer (SSL) protocol, which is best known as the technology used for secure browsing on Web sites whose URLs begin with HTTPS. The bug lets attackers intercept secure SSL communications between computers using what's known as a man-in-the-middle attack.

Although the flaw can only be exploited under certain circumstances, it could be used to hack into servers in shared hosting environments, as well as mail servers, databases and many other secure applications, according to Chris Paget, a security researcher who has studied the issue.

"It's a protocol-level flaw," said Paget, chief technology officer at H4rdw4re LLC, a Sunnyvale, Calif.-based security consultancy. "There's a whole lot of stuff that's going to have to get fixed on this one: Web browsers, Web servers, Web load balancers, Web accelerators, mail servers, SQL Servers, ODBC drivers, peer-to-peer protocols."

Although an attacker would first need to hack into the victim's network to launch the man-in-the-middle attack, the results would then be devastating -- especially if the hack was a targeted attack to gain access to a database or a mail server, Paget said.   [Computer World...] [Comments...]


See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either