SSL may not be so S as we thought.
-
Revelations at Black Hat Conference - Thursday.
Henry Minute Do not read medical books! You could die of a misprint. - Mark Twain Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.”
-
"To make his attack work, Marlinspike must first get his software on a local area network." Well, if you can get your software on a local area network, why go to the hassle of breaking SSL?
-
Maybe to intercept bank info being sent from an uncompromised computer
Take a look at my corner of the net at Code Research Center
-
If you can gain access to the network, you can gain access to the computer in question. (Of course, the bigger point is no-shit-Sherlock. Did anyone actually believe SSL was perfectly secure? The only security that can't be broken would be so difficult to implement and so slow that it wouldn't be worth it except in very narrow circumstances. Even then, history has shown that someone, sometime, takes a shortcut and blows it--like using a one-time pad twice.)
-
Joe Woodbury wrote:
Well, if you can get your software on a local area network, why go to the hassle of breaking SSL?
Not that I've tried, you understand, but I imagine that it is easier to get something onto a network, from where it can be transmitted, used, or whatever, than any other method of getting access to SSL traffic. If spammers can get sufficient returns to make money, sure as eggs is eggs, getting the thing onto the network is the least of the problems. Once on the network, it can utilise the SSL traffic to spread to locations where more valuable data becomes accessible. The point, though, is that now that an exploit has been identified, others may find ways to utilize it without that necessity.
Henry Minute Do not read medical books! You could die of a misprint. - Mark Twain Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.”
-
If you are sophisticated enough to get such a program running on a local area network, getting access to a single system is not much more difficult. Besides, why bother; just getting people to install a keylogger or other spyware is so much easier.
-
Hijacking a workstation whose owner used it for pron surfing late at night at home, and compromising a server, are two different things, even if the server is running a version of Windows.
The European Way of War: Blow your own continent up. The American Way of War: Go over and help them.