Slashdot Mirror

← Back to Stories (view on slashdot.org)

Black Hat Presentation Highlights SSL Encryption Flaws

Posted by timothy on from the well-hey-nothin's-perfect dept.

nk497 writes "Hackers at the Black Hat conference have shown that SSL encryption isn't as secure as online businesses would like us to think. Independent hacker Moxie Marlinspike showed off several techniques to fool the tech behind the little padlock on your screen. He claimed that by using a real world attack on several secure websites such as PayPal, Gmail, Ticketmaster and Facebook, he garnered 117 email accounts, 16 credit card numbers, seven PayPal logins and 300 other miscellaneous secure logins."

7 of 152 comments (clear)

  1. Re:Oh god by mapsjanhere · · Score: 1, Offtopic

    Well, if the hacker types like the submitter, I'm not too worried about my login credentials.

    --
    I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
  2. Disgusting grammar. by XcepticZP · · Score: -1, Offtopic

    What a disgusting display of English grammar. Come on, Slashdot! I thought you editor's had better standards.

  3. Get fool the tech by Anonymous Coward · · Score: -1, Offtopic

    Somebody set him up the bomb!

  4. All your base are belong to us by Anonymous Coward · · Score: -1, Offtopic

    All your base are belong to us.

  5. Re:God forbid... by Ginger+Unicorn · · Score: 0, Offtopic

    Transalations? How well did your third grade go? :p

    --
    (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
  6. Re:The problem is with the trusting user, and can by Kickasso · · Score: 0, Offtopic

    http://en.wikipedia.org/wiki/SecurID
    No reader is needed.

  7. Re:It's not a problem with SSL /per se/ by Anonymous Coward · · Score: -1, Offtopic

    Off topic nitpick:

    This is the same argument that I see with switching to Linux: oh, users will have to relearn things, it's different than Windows. Yet those same users have to relearn when they get a new cable box and remote.

    Yet those same users never have to drop to the command line or edit some text file to get their cable box working. Yes, a Linux desktop isn't Windows, but its no cable box or phone either. Cable boxes and phones have UIs that are focused around a much smaller set of activities.