Stay tuned this Friday's release
http://www.h-online.com/security/news/item/Tool-cracks-SSL-cookies-in-just-ten-minutes-1346387.html
Topic: SSL 1.0 broken (Read 1402 times)
It's TLS 1.0 that's broken, not SSL 1.0 ...
Well, SSL 1.0 was broken a long time ago, never use it.
With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?
Yes Opera supports it very well. But this doesnt help you with IIS being the only common used web server with at least wacky and hidden support for it. So basically on the server side coverage tends to be zero.
Of course this may change now.
It's TLS 1.0 that's broken, not SSL 1.0 ...
Thank you, was wondering when someone who actually bothers to read would point that out to people. ;p
With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?
It's TLS 1.0 that's broken, not SSL 1.0 ...
Yep, it's a man-in-the-middle from what I can tell. So if you're on a trusted net connection and careful with your browsing, your risk should be fairly low. Public wifi etc. on the other hand...
Looks like it requires some JavaScript exploitation in order for this exploit to work, none the less if your not a white-hat expert your pretty vulnerable to these kind of things
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Researchers claim to have a found a way to decrypt SSL traffic, needing about 10 minutes to crack the encryption. The article doesn't go into much detail on what is required for the attack to work, and it's just one post on the register... Still, careful out there.
Researchers claim to have a found a way to decrypt SSL traffic, needing about 10 minutes to crack the encryption. The article doesn't go into much detail on what is required for the attack to work, and it's just one post on the register... Still, careful out there.
Jump to: