Thread: Can SSL sessions be compromised?
View Single Post
  #8 (permalink)  
Old 04-06-2007, 04:13 PM
Anne & Lynn Wheeler
Guest
  
Posts: n/a
Default Re: Can SSL sessions be compromised?
comphelp@toddh.net (Todd H.) writes:
> Specify a version level of SSL (greater than known-weak SSL v 2.0)
> that this applies to, or a specific implementation's flaw, cite

re:
http://www.garlic.com/~lynn/2007g.html#32 Can SSL sessions be compromised?
http://www.garlic.com/~lynn/2007g.html#38 Can SSL sessions be compromised?

SSL is suppose to do two things ... 1) are you really talking to the
webserver that you think you are talking to and 2) hide/encrypt
information during transmission.

the attacks that I'm aware have been with regard to the first item
.... including allowing various kinds of MITM-attacks (as mentioned
in previous posts).

recent post about MITM-attack
http://www.garlic.com/~lynn/aadsm26.htm#47 SSL MITM-attacks make the news

as well blog discussion

THREATWATCH: MITB SPOTTED: MITM OVER SSL FROM WITHIN THE BROWSER
https://financialcryptography.com/mt...es/000884.html


Reply With Quote