Slashdot Mirror

← Back to Stories (view on slashdot.org)

Null-Prefix SSL Attacks Enabled In New sslsniff

Posted by timothy on from the ready-or-not-here-it-comes dept.

An anonymous reader writes "Moxie Marlinspike, who recently published new attacks on SSL at Defcon 17, seems to have released the new version of sslsniff which supports these attacks. While the release appears to coincide with a patch from Mozilla, every product that uses the Microsoft CryptoAPI is still vulnerable, including Internet Explorer and Outlook. The new version of sslsniff also supports built-in modes for hijacking software auto-updates that depend on SSL, and apparently includes techniques for defeating OCSP as well — making the elimination of existing null-prefix certificates difficult."

3 of 48 comments (clear)

  1. Winning combination by Norsefire · · Score: 5, Funny

    Excellent technical skills, interest in hacking and a name that no security department will take seriously.

    1. Re:Winning combination by MyLongNickName · · Score: 5, Funny

      Moxie Marlinspike? I thought we had a new Ubuntu release. And I was wondering what happened to the L's.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  2. Re:Appears to coincide.. by mrsteveman1 · · Score: 5, Funny

    I do, it comes right after "oh-shit-we're-screwed sunday and "pwned monday".