gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76651 Posts in 13455 Topics by 2082 Members - Latest Member: nike66 September 28, 2021, 10:29:45 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Vulnerabilities Allow Attacker to Impersonate Any Website
gfx
gfxgfx
 

Author Topic: Vulnerabilities Allow Attacker to Impersonate Any Website  (Read 439 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Vulnerabilities Allow Attacker to Impersonate Any Website
« on: July 31, 2009, 03:01:29 pm »
http://www.wired.com/threatlevel/2009/07/kaminsky/

Quote
LAS VEGAS — Two researchers examining the processes for issuing web certificates have uncovered vulnerabilities that would allow an attacker to masquerade as any website and trick a computer user into providing him with sensitive communications.

Normally when a user visits a secure website, such as Bank of America, PayPal or Ebay, the browser examines the website’s certificate to verify its authenticity.

However, IOActive researcher Dan Kaminsky and independent researcher Moxie Marlinspike, working separately, presented nearly identical findings in separate talks at the Black Hat security conference on Wednesday. Each showed how an attacker can legitimately obtain a certificate with a special character in the domain name that would fool nearly all popular browsers into believing an attacker is whichever site he wants to be. The problem occurs in the way that browsers implement Secure Socket Layer communications.

“This is a vulnerability that would affect every SSL implementation,” Marlinspike told Threat Level, “because almost everybody who has ever tried to implement SSL has made the same mistake.”

Yet another heads up to keep you informed.  8)

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Vulnerabilities Allow Attacker to Impersonate Any Website
 

gfxgfx
gfx
©2005-2021 WinMXWorld.com. All Rights Reserved.
SMF 2.0.18 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.028 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!