Ego One - Pure | Fresh | First
Would you like to react to this message? Create an account in a few clicks or log in to continue.

We're Moving. So, we've disabled new registrations on this forum. The forum will not officially be released until 8 PM Pacific Standard Time (Friday, Sept, 9th, 2010)~ http://www.ego-one.net/

Ego One - Pure | Fresh | First » Official »  » From the homepage    » Zero-day flaw found in Web encryption

View previous topic View next topic Go down  Message [Page 1 of 1]

MrMario

MrMario
Manager
Zero-day flaw found in Web encryption E53988ce
Zero-day flaw found in Web encryption



Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for web transactions.



Ray, who along with Dispensa works for two-factor authentication company PhoneFactor, explained in a blog post on Thursday that he had initially discovered the flaw in August, and demonstrated a working exploit to Dispensa at the beginning of September.

The flaw in the TLS authentication process allows an outsider to hijack a legitimate user's browser session and successfully impersonate the user, the researchers said in a technical paper.

The fault lies in an "authentication gap" in TLS, Ray and Dispensa said. During the cryptographic authentication process, in which a series of electronic handshakes take place between the client and server, there is a loss of continuity in the authentication of the server to the client. This gives an attacker an opening to hijack the data stream, they said.


Read More Here

Guest posting activated




No Comment.

View previous topic View next topic Back to top  Message [Page 1 of 1]

Ego One - Pure | Fresh | First » Official »  » From the homepage    » Zero-day flaw found in Web encryption

Permissions in this forum:
You cannot reply to topics in this forum



Site powered by Forumotion
Copyright 2006-2013 | JalokimGraphics | Ego-One
<!-- <script type="text/javascript"> var vglnk = { key: '0d80ae9fe71cec9484f682bd59232f9e' }; (function(d, t) { var s = d.createElement(t); s.type = 'text/javascript'; s.async = true; s.src = '//cdn.viglink.com/api/vglnk.js'; var r = d.getElementsByTagName(t)[0]; r.parentNode.insertBefore(s, r); }(document, 'script')); </script> <div id="Forumactif_Video"></div> <script type="application/javascript"> //<![CDATA[ var slmadshb = slmadshb || {}; slmadshb.que = slmadshb.que || []; slmadshb.que.push(function() { slmadshb.display("Forumactif_Video"); }); //]]> </script> <script type="text/javascript">window._taboola = window._taboola || []; _taboola.push({flush: true});</script> <!-- BEGIN 1425605 - etoxic - FR - CDB - PCK - sticky footer - 728x90--> <div id="criteo_sticky"> <script type="text/javascript"> function CreateStickyFooterContainer(e) { var t = document.getElementById(e); t.style.position = "fixed", t.style.zIndex = "2147483646", t.style.bottom = "0", t.style.left = "0", t.style.padding = "0", t.style.borderColor = "rgb(196, 196, 196)", t.style.width = "100%", t.style.backgroundColor = "rgba(245, 245, 245, 0.54902)", t.style.borderStyle = "solid", t.style.borderWidth = "1px"; var o = document.createElement("a"); t.appendChild(o), o.style.backgroundColor = "rgb(221, 221, 221)", o.style.backgroundImage = "url('//static.criteo.net/images/criteo/publishertag/close.png')", o.style.backgroundRepeat = "no-repeat", o.style.backgroundPosition = "center", o.style.display = "block", o.style.position = "absolute", o.style.left = "0", o.style.top = "-24px", o.style.width = "23px", o.style.height = "24px", o.style.borderBottomColor = "#6d6c71", o.style.cursor = "pointer", o.onclick = function() { t.style.display = "none" }; var l = document.createElement("div"); l.id = "cto_sticky", l.style.margin = "0 auto", l.style.display = "table"; t.appendChild(l); return l.id }; Criteo.events.push(function() { if(!isMobile){ Criteo.Passback.RenderAd(CreateStickyFooterContainer("criteo_sticky"), function(){ var slotid = "criteo_sticky"; var div = document.getElementById(slotid); div.removeAttribute("style"); }); } else{ var slotid = "criteo_sticky"; var div = document.getElementById(slotid); div.style.display = "none"; } }); </script> </div> <!-- END CRITEO TAG --></body></html><strong><a href="https://www.forumotion.com/" target="_blank">Free forum</a></strong>&nbsp;|&nbsp;<span class="gensmall">&copy;</span><a href="https://www.forumotion.com/phpbb" target="_blank">phpBB</a>&nbsp;|&nbsp;<a name="bottom" href="https://help.forumotion.com/" target="_blank">Free forum support</a>&nbsp;|&nbsp;<a href="/abuse?page=%2Ft551-zero-day-flaw-found-in-web-encryption&amp;report=1" rel="nofollow">Report an abuse</a>&nbsp;|&nbsp;<strong><a href="https://www.forumotion.com" target="_blank">Forumotion.com</a></strong>Derp