Wireless and Wifi Forums - View Single Post

#9 (**permalink**) 04-06-2007, 04:51 PM

Anne & Lynn Wheeler <lynn@garlic.com> writes:

> comphelp@toddh.net (Todd H.) writes:
> > Specify a version level of SSL (greater than known-weak SSL v 2.0)
> > that this applies to, or a specific implementation's flaw, cite
>
> re:
> http://www.garlic.com/~lynn/2007g.html#32 Can SSL sessions be compromised?
> http://www.garlic.com/~lynn/2007g.html#38 Can SSL sessions be compromised?
>
> SSL is suppose to do two things ... 1) are you really talking to the
> webserver that you think you are talking to and 2) hide/encrypt
> information during transmission.
>
> the attacks that I'm aware have been with regard to the first item
> ... including allowing various kinds of MITM-attacks (as mentioned
> in previous posts).
>
> recent post about MITM-attack
> http://www.garlic.com/~lynn/aadsm26.htm#47 SSL MITM-attacks make the news
>
> as well blog discussion
>
> THREATWATCH: MITB SPOTTED: MITM OVER SSL FROM WITHIN THE BROWSER
> https://financialcryptography.com/mt...es/000884.html

MITM, is indeed relatively simple with SSL.

The silly post I replied which you trimmed implied weakness in the
encryption, which if it actually exists must be a compromise that is
very tightly held.

Best Regards,
--
Todd H.
http://www.toddh.net/