The PowerShift Program puts a world of resources at your fingertips.
Login Page:
http://powershift.netgear.com/ 
Apply to be a Partner:
http://powershift.netgear.com/et.cfm?eid=register
Forgot Password:
http://powershift.netgear.com/et.cfm?eid=resend_password
Not Yet a Partner? Learn More
Language or region not listed above?
Visit our Contact Us page to locate detailed regional contact information using our worldwide map.
Check back soon for deployment of more international websites.
From wireless routers and adapters to Layer 3 Managed Switches we have the networking equipment you need for your home or small business.
Visit NETGEAR.com
Purchase your license key(s) today for your ProSecure® STM and UTM appliances.
Posted By Netgear Threat Lab at 1:08 PM, November 10, 2009
At the Black Hat conference held in Las Vegas August of this year, security experts discovered many holes in the SSL encryption protocol - the very protocol that secures most Internet communications. On November 4th, security researchers from Phone Factor Marsh Ray and Steve Dispensa disclosed to the public the vulnerability in TLS / SSL that would allow for Man-in-the-Middle (MITM) attacks.
The vulnerability has the following characteristics:
1. It is a vulnerability in the protocol itself and not limited to certain applications
2. There is no concrete solution as of yet, still waiting for vendor patches
3. Affects a multitude of upper-layer protocols, including HTTPS, IMAP, SIP, etc...
Man-in-the-Middle Attacks (referred to as "MITM attacks") are "indirect" types of attacks where the attacker, through a variety of technical means gains access to the network communications between computers. This computer is known as the "middleman." This computer/intruder then masquerades as one or both of the victim computers, so that the "middleman" can establish an active connection with the victim computer(s). The "middleman" is now able to read or tamper with the communications between the two victim nodes. But the two victim computers still think they are talking directly to each other. This type of attack is not very easy to detect therefore, it has long been used by hackers and even to this day, is still commonly used to gain access to data or cause harm.
OpenSSL has already released a patch, but this patch does not fix the loopholes found in the protocol, but rather only turned off renegotiation by default. Users can obtain this patch by going to OPENSSL's official website: http://www.openssl.org/source/
Posted by: Netgear Threat Lab at 1:08 PM
Categories: Netgear Threat Lab
TrackBack URL: http://prosecure.netgear.com/cgi-bin/mt/mt-tb.cgi/61