Null-Prefix SSL Attacks Enabled In New sslsniff

An anonymous reader writes "Moxie Marlinspike, who recently published new attacks on SSL at Defcon 17, seems to have released the new version of sslsniff which supports these attacks. While the release appears to coincide with a patch from Mozilla, every product that uses the Microsoft CryptoAPI is still vulnerable, including Internet Explorer and Outlook. The new version of sslsniff also supports built-in modes for hijacking software auto-updates that depend on SSL, and apparently includes techniques for defeating OCSP as well — making the elimination of existing null-prefix certificates difficult."

Re:Appears to coincide..

[sys.stdout.write]

And by "fixed the patch" I mean "I'm retarded".

English is hard.

Winning combination

[Norsefire]

Excellent technical skills, interest in hacking and a name that no security department will take seriously.

Re:Winning combination

[MyLongNickName]

Moxie Marlinspike? I thought we had a new Ubuntu release. And I was wondering what happened to the L's.

dot your i's and cross your t's

[kronosopher]

.. even extra unnecessary ones.

Is an "atttack" anything like an "attack"?

Re:dot your i's and cross your t's

[TheRaven64]

It's an attack with Mr T in the middle.

Re:dot your i's and cross your t's

[Ironica]

It's an attack with Mr T in the middle.

You mean it's a man-in-the-middle attack?

Re:New toy

Have you tried a vibrating butt plug?

Re:Appears to coincide..

[mrsteveman1]

I do, it comes right after "oh-shit-we're-screwed sunday and "pwned monday".