Security Basics mailing list archives
RE: SSL protocol flaw, request for opinions
From: "Benjamin Meade" <ben () lanwest com au>
Date: Mon, 24 Feb 2003 16:43:07 +0800
Can't say I'm too worried about it. (a) Its already been patched, and (b), the requirements for pulling off this attack are high enough to dissuade all but the most determined cracker. A sufficiently determined cracker will get into your system, there is no way around it. What it comes down to is if a compromise is going to cost your company x amount to fix (including lost downtime, consumer confidence, lawsuits etc), then you spend that amount on securing your system, and leave it at that. Benjamin Meade System Administrator LanWest Pty Ltd -----Original Message----- From: Juan Velasquez [mailto:juan () EvolutionH com] Sent: Friday, 21 February 2003 3:46 PM To: jasonc () science org; security-basics () securityfocus com Subject: SSL protocol flaw, request for opinions I just read this story which explains how the Swiss Federal Institute of Technology exploited a flaw in the SSL protocol to hijack an 8 character password from a bunch of SSL encrypted email logins. I was surprised. What does the security community think of this? http://www.newscientist.com/news/news.jsp?id=ns99993420 -- Juan Velasquez Juan () EvolutionhH com
Current thread:
- SSL protocol flaw, request for opinions Juan Velasquez (Feb 22)
- Re: SSL protocol flaw, request for opinions Gayle Shipp (Feb 24)
- RE: SSL protocol flaw, request for opinions Benjamin Meade (Feb 24)
- Re: SSL protocol flaw, request for opinions Angelo Perniola (Feb 24)
- Re: SSL protocol flaw, request for opinions Naveen Maram (Feb 24)