Security Writer Questions Impact of SSL Flaw

Let’s try to separate the wheat from the chaff. Let’s start by looking at the vulnerability itself. It is a “man-in-the-middle” (MitM) attack in which an attacker can use an SSL feature called “negotiation” to inject bad stuff into an SSL session. Right, so that’s not good news. But the sky isn’t exactly falling yet, so we can all remain calm for now. Let’s put things into perspective here… In order to use an MitM attack to actually effect damage isn’t entirely
trivial. The attacker either needs to be on the same local network as
the client, or in the network path between the client and the server. By far, the most likely of these scenarios, at least in the near term,
is to attack systems on a local network. We have a little bit of
leverage there. Read the full article. [Computerworld]

Let’s try to separate the wheat from the chaff. Let’s start by looking at the vulnerability itself. It is a “man-in-the-middle” (MitM) attack in which an attacker can use an SSL feature called “negotiation” to inject bad stuff into an SSL session. Right, so that’s not good news. But the sky isn’t exactly falling yet, so we can all remain calm for now. Let’s put things into perspective here… In order to use an MitM attack to actually effect damage isn’t entirely
trivial. The attacker either needs to be on the same local network as
the client, or in the network path between the client and the server. By far, the most likely of these scenarios, at least in the near term,
is to attack systems on a local network. We have a little bit of
leverage there. Read the full article. [Computerworld]

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.