Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man-In-the-Middle Vulnerability For SSL and TLS

Posted by Soulskill on from the alphabet-soup dept.

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

6 of 170 comments (clear)

  1. We need to invest in Quantum Physics. by jellomizer · · Score: 4, Funny

    Only with quantum physics can we actually get a secure data transfer. Or not or both.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:We need to invest in Quantum Physics. by PiSkyHi · · Score: 5, Funny

      Come on moderators, its a joke - Yes, I realise its both funny and not funny at the same time.

    2. Re:We need to invest in Quantum Physics. by Anonymous Coward · · Score: 0, Funny

      Most of the mods here wouldn't get an intelligent joke if it came up and kicked them in the face.

      It'd have to kick them in the nuts to be low-brow enough for them to notice.

    3. Re:We need to invest in Quantum Physics. by mcgrew · · Score: 3, Funny

      Damn you, Quantum Physics!!

      --
      Free Martian Whores!
  2. web developers by chrisranjana.com · · Score: 1, Funny

    So are these man in middle exploits fixed in the latest Ubuntu release ?

    --
    Chris ,
    Php Programmers.
  3. Its a quantum man in the middle attack by Viol8 · · Score: 5, Funny

    Its the same man in all 3 places.