Friday, November 13, 2009

Opinion: Can the SSL vulnerability hurt you?

ComputerWorld Security:

The security blogosphere is agog over some recently published vulnerability information describing attacks against the venerable SSL protocol -- you know, the one that almost the entire Internet relies on for securing transactions as they transit the Net. But how does this impact you? Let's try to separate the wheat from the chaff.

Let's start by looking at the vulnerability itself. It is a "man-in-the-middle" (MitM) attack in which an attacker can use an SSL feature called "negotiation" to inject bad stuff into an SSL session. Right, so that's not good news. But the sky isn't exactly falling yet, so we can all remain calm for now. Let's put things into perspective here.

Yes, by all accounts, there seems to be a serious weakness in SSL. As of right now, however, that weakness is known to a relatively small collection of folks who are working to come up with some solutions to the problem. That said, the technical details of the problem have been published, and there's little doubt that attacks will begin to surface over time.

More info, please read here.

No comments: