Security Blog

 

November 6, 2009
Critical SSL Vulnerability Discovered

broken-lock.jpg A critical vulnerability in SSL was discovered in August of this year by Marsh Ray and Steve Dispensa of PhoneFactor. These findings were made public on November 4th.

Basically they uncovered a flaw in the SSL protocol itself - a gap in SSL authentication during renegotiation between client and server. This unauthenticated request allows the man-in-the-middle (MITM) attacker to inject specially crafted plaintext into the application protocol stream, which can be used to exploit different applications.

Folks, this is a vulnerability of epic proportions we have here. Online banking, online shopping, cloud computing, remote services all are based on the fact assumption that SSL is secure. How would you feel going to bed every night when you know your front door lock can be easily picked?

The good news is that vendors have been working on patches to the problem for a few months now. The bad news is, so much of our Internet infrastructure utilizes SSL. It will be impossible to patch everything. I bet cyber criminals are also scrambling to come up with ways to exploit this vulnerability before the patches arrive. This is going to be a very interesting few months. Stay tuned.

Posted by: Pete at 9:57 PM
Categories: General

No TrackBacks

TrackBack URL: http://prosecure.netgear.com/cgi-bin/mt/mt-tb.cgi/60

Comments

Back to Top

Partner Login

The PowerShift Program puts a world of resources at your fingertips.

Login Page:
http://www.netgear.com/Partners/
Powershift.aspx

Apply to be a Partner:
http://info.netgear.com/forms/powershift

Forget Password:
http://www.netgear.com/Extranet/
ForgotPassword.aspx

In This Section

Categories

 

Recent Posts

 

Monthly Archives

 
 
Lijit Search