Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Security gap found in SSL

  • 21-02-2003 7:24pm
    #1
    Closed Accounts Posts: 1,006 ✭✭✭


    Swiss researchers break encryption print mailto
    Lausanne (pte, Feb 21, 2003 11:53) - A team of security experts at the Security and Cryptography Laboratory (LASEC) at the "Ecole Polytechnique Federal der Lausanne” has discovered weaknesses in the Secure Sockets Layer (SSL) standard security protocol.

    The scientists say they were able to decode the information sent between client and server within an hour.

    The group under the direction of Serge Vaudenay is the first to prove that the gap, which has been the topic of theoretical discussion for some time, actually exists. To expose it, the researchers monitored the SSL-Server’s behaviour in replying to false packages. By measuring the amount of time taken to reply, the scientists were able to deduce the contents of a package.

    The researchers then worked out the password for the secure e-mail connection between the IMAP4 mail server and Outlook Express 6. Someone trying to take advantage of this gap would have to be able to intervene between the SSL server and client, and replace the message that is to be encoded with his own fake message.

    LASEC has notified the OpenSSL project of the security risk. The designers have already made the 0.9.7 and 0.9.6i versions available, which they say will close the OpenSSL gap.

    The international OpenSSL Project calls itself a "collaborative effort to develop a robust, commercial-grade Open Source toolkit implementing the Secure Sockets Layer and Transport protocols as well as a full-strength general purpose cryptogrphy library managed by a worldwide community of volunteers.” More information on the project can be found under

    there was a link provided @ http://lasecwww.epfl.ch/memo_ssl.shtml

    link fixed


Advertisement