Segurança Informática: Open SSL MITM

"Don't look now, but it's time to patch OpenSSL again: A critical flaw discovered in the open-source encryption software could allow an attacker to hijack an SSL/TLS session and decrypt and alter the traffic sent between the client and server machines.

The OpenSSL team today released an update that patches the flaw, classified as critical by SANS Internet Storm Center, as well as five other vulnerabilities.

The SSL/TLS man-in-the middle flaw (CVE-2014-0224) centers around a weakness in the "handshake" between client and server in an OpenSSL SSL/TLS session. "I also rated CVE-2014-0224 critical, since it does allow for MiTM attacks, one of the reasons you use SSL. But in order to exploit this issue, both client and server have to be vulnerable, and only openssl 1.0.1 is vulnerable on servers," SANS Internet Storm Center head Johannes Ullrich said today in a blog post."

New OpenSSL Flaw Exposes SSL To Man-In-The-Middle Attack

DarkReading

Segurança Informática

Open SSL MITM

Segurança no Software - Livro

Popular Posts

Notícias: ZDNet Zero Day

Notícias: DarkReading

Notícias: Schneier on Security

Notícias: OWASP AppSec

Notícias: ENISA

Notícias: Yahoo! Security

Notícias: HPCintheCloud: Security

Blogroll

Blogroll em Português

Conferências

Arquivo do Blog

Segurança Informática @Facebook

SANS Information Security Reading Room

Symantec Connect - Security - Blog Entries

Etiquetas

Nível de Ameaça

Vulnerabilidades

Podcasts

Links

Comic strips

Seguidores