View Single Post
  #1   (View Single Post)  
Old 17th September 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default Vulnerability in SSL encryption is barely exploitable

From http://h-online.com/-1708604

Quote:
Researchers have discovered that, where data sent over an encrypted HTTPS connection has undergone prior compression, the door is opened to attackers who, by modifying the data traffic in a targeted manner, are then able to crack the encryption.

Compression is supported by almost half of all web servers, including the servers at many prominent organisations such as Google and Twitter. Browser makers have, however, already reacted by disabling the additional functions which enable the vulnerability.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote