Black Hat reveals multiple security weaknesses in SSL

probe · 30-07-2009 04:01PM #1

http://www.informationweek.com/blog/main/archives/2009/07/bombshell_from.html

http://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1363108,00.html

Martyr · 30-07-2009 08:43PM

In fairness, probe.

The problem isn't with SSL itself, it's with how some..*some* applications handle certificates.

It's interesting, but doesn't reveal "weaknesses in SSL" itself, which the title of this thread would seem to suggest.

It's a bug alright, but not in SSL protocol.

probe · 05-08-2009 05:36PM

Martyr wrote: »

In fairness, probe.

The problem isn't with SSL itself, it's with how some..*some* applications handle certificates.

It's interesting, but doesn't reveal "weaknesses in SSL" itself, which the title of this thread would seem to suggest.

It's a bug alright, but not in SSL protocol.

I'm trying to keep the headline as simple as possible..... methinks you are being a tad pedantic:)

Anyway we no longer use ssl for the most part - it's TLS. SSL is now a generic term encompassing the security processes behind an https type connection...

Black Swan · 05-08-2009 10:15PM

A strong argument to use only FF3.5 until other browsers are patched?

Martyr · 06-08-2009 02:04AM

probe wrote:

methinks you are being a tad pedantic

yes, i am.

probe wrote:

Anyway we no longer use ssl for the most part - it's TLS. SSL is now a generic term encompassing the security processes behind an https type connection...

now you're being pendantic

Blue Lagoon wrote:

A strong argument to use only FF3.5 until other browsers are patched?

as of 3.5.2, it's patched

BaconZombie · 06-08-2009 01:44PM

God love all the corporate people stuck using IE6!!!

Blue_Lagoon wrote: »

A strong argument to use only FF3.5 until other browsers are patched?

Black Hat reveals multiple security weaknesses in SSL

Comments