On mySimon: Deadwood - The Complete Series
BNET Business Network:
BNET
TechRepublic
ZDNet
4 TalkBacks

By Tom Espiner ZDNet UK
Posted on ZDNet News: Nov 05, 2009 9:41:52 AM

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for web transactions.

Ray, who along with Dispensa works for two-factor authentication company PhoneFactor, explained in a blog post on Thursday that he had initially discovered the flaw in August, and demonstrated a working exploit to Dispensa at the beginning of September.

The flaw in the TLS authentication process allows an outsider to hijack a legitimate user's browser session and successfully impersonate the user, the researchers said in a technical paper.

For more, read "Zero-day flaw found in web encryption " on ZDNet UK.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 4 Talkback(s)
wireless too
And if someone knows what they are doing, using various wireless technologies could likely be sniffed and spoofed too. ... (Read the rest)
Posted by: richard233 Posted on: 11/11/09 You are currently: a Guest | | Terms of Use
Bad one  honeymonster | 11/05/09
wireless too  richard233 | 11/11/09
Cue...  Ceridan | 11/05/09
A true cross-platform flaw  barence773 | 11/08/09

What do you think?

SmartPlanet

Click Here