Sections

Personal tools

You are here: Home → Subsections → Network Security → News → SSL renegotiation attack implemented

« March 2010 »

Log in: Login Name

Password

Cookies are not enabled. You must enable cookies before you can log in.; Forgot your password?; New user?

SSL renegotiation attack implemented

A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer protocol.

"""

A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer protocol.

The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. When the flaw surfaced last week, many researchers dismissed it as an esoteric curiosity with little practical effect.

""" - http://www.theregister.co.uk/2009/11/14/ssl_renegotiation_bug_exploited/

Slashdot discussion of article: http://it.slashdot.org/story/09/11/16/2327230/SSL-Renegotiation-Attack-Becomes-Real?art_pos=20

Document Actions

NetSec News: 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Feb 17, 2010; New AES Attack Nov 20, 2009; Null-prefix SSL flaw Nov 20, 2009; SSLSniff 0.6 Includes Null-Prefix Attack Nov 20, 2009; XML flaw threatens apps built with Sun, Apache, Python libraries Nov 20, 2009; More…

Main News: CS Labs Accounts changed Jan 05, 2010; EWU systems down for upgrade Nov 06, 2009; Server Maintenance Oct 08, 2009; More…

News: GPGPU partial implementation of SQLite gets 20-70x speedup. Feb 24, 2010; A $3.5 Billion Effort Aims to Help Tech Start-Ups + New Jobs Feb 24, 2010; 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Feb 17, 2010; PopSci - Exclusive: Inside Project Natal's Brain Jan 07, 2010; CS Labs Accounts changed Jan 05, 2010; New AES Attack Nov 20, 2009; More news…