Posts Tagged ‘MitM attacks’


SSL implementation flaws

Researchers have discovered an incorrect implementation of SSL encryption that allows for an attack on a huge number of applications and services provided by PayPal, Amazon, Microsoft, Google, Yahoo.

A team of researchers from the University of Texas at Austin and Stanford published a study of reliability mechanisms Validation SSL certificates in “non-browser” software platforms on Linux, Windows, Android and iOS. The subject of the study were the validation SSL implementations in various software and API, based on it. The vector operation was chosen type of attack is the “man in the middle” (MitM).

The main objective of SSL – is to provide mechanisms to protect the end user from the attack of the “man in the middle”. Even if the network is fully compromised: poisoned DNS cache servers, access points, routers, etc. are controlled by an attacker – SSL is required to ensure the confidentiality, authenticity and integrity of data between the client and the server. (more…)