17th September 2012
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
|
|
Vulnerability in SSL encryption is barely exploitable
From http://h-online.com/-1708604
Quote:
Researchers have discovered that, where data sent over an encrypted HTTPS connection has undergone prior compression, the door is opened to attackers who, by modifying the data traffic in a targeted manner, are then able to crack the encryption.
Compression is supported by almost half of all web servers, including the servers at many prominent organisations such as Google and Twitter. Browser makers have, however, already reacted by disabling the additional functions which enable the vulnerability.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|