View Single Post
  #1   (View Single Post)  
Old 4th February 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,505
Default Unlucky for you: UK crypto-duo 'crack' HTTPS in Lucky 13 attack

From http://www.theregister.co.uk/2013/02...crypto_attack/

Quote:
Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.

Professor Kenny Paterson from the Information Security Group at Royal Holloway, University of London and PhD student Nadhem Alfardan claim they can crack TLS-encrypted traffic in a man-in-the-middle attack.

According to their study, the weakness revolves around altering messages exchanged between the web server and browser, and noting microsecond differences in the time taken to process them.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote