| View unanswered posts | View active topics |
It is currently 24 Nov 2009, 10:09 |
|
All times are UTC + 1 hour [ DST ] |
 
|
Page 1 of 1 |
[ 4 posts ] |
| Print view | Previous topic | Next topic |
Yet Another SSL/TLS Vulnerability Released
| Author | Message |
|---|---|
|
..........  Joined: 29 Mar 2008, 22:40 Posts: 4070 Location: Miskatonic U. 
|
 Yet Another SSL/TLS Vulnerability ReleasedPosted on Michael Coates' App Sec blog.
Quote: Thursday, November 5, 2009 Yet Another SSL/TLS Vulnerability Released Another SSL/TLS vulnerability has been recently released. This weakness appears to affect applications which use client side certificates for user authentication. More specifically, the weakness lies in the renegotiation feature. For many people, this will not be an issue, since client side certificates are rarely used with large Internet facing applications. However, some of the more secure applications do rely on client side certificates for two-factor authentication. These groups should take notice and start preparing to implement any fixes when they are available. According to the Register article, this issue has been known since September and key players have been working to develop a solution. A new proposal is expected to be submitted to IETF today. Here are the links so far. Anyone out there have any more info at this time? Register Article Martin Rex Related Security Research & Response Analysis by Ivan Ristic -Michael Coates |
| 05 Nov 2009, 23:04 |
 
|
|
|
|
.......... Joined: 29 Mar 2008, 22:40 Posts: 4070 Location: Miskatonic U.
|
Re: Yet Another SSL/TLS Vulnerability Released |
| 06 Nov 2009, 21:13 |
|
|
|
|
....  Joined: 22 Oct 2006, 02:16 Posts: 45 Location: Italy
|
Re: Yet Another SSL/TLS Vulnerability Released in italian:
http://punto-informatico.it/2745367/PI/ ... -rete.aspx in english: http://extendedsubset.com/?p=8 |
| 07 Nov 2009, 03:38 |
|
|
|
|
.......... Joined: 29 Mar 2008, 22:40 Posts: 4070 Location: Miskatonic U.
|
Re: Yet Another SSL/TLS Vulnerability Released Yes another update, OpenSSL updated and tools to test your applications for vulnerabilities released:
http://djtechnocrat.blogspot.com/2009/1 ... ation.html |
| 07 Nov 2009, 06:40 |
|
|
|
|
|
Page 1 of 1 |
[ 4 posts ] |
|
All times are UTC + 1 hour [ DST ] |
Who is online |
Users browsing this forum: No registered users and 1 guest |
| You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum |