Last updated: Wed, 03 Sep 2008 04:17


Internet: Google making SSL changes, other sites quiet (CNET)

Sun, 24 Aug 2008, www.yahoo.com

A security researcher has been in discussions with Google on an exploit he plans to release that would allow a hacker to easily intercept someone's communications with supposedly secure Web sites over an unsecured Wi-Fi network, but other sites, like Facebook, Yahoo Mail, and Hotmail, remain vulnerable.

Mike Perry, a reverse engineer and developer at Riverbed Technology, says he announced on the BugTraq e-mail list a year ago a common flaw with the way Web sites implement the SSL (Secure Sockets Layer) protocol that is designed to protect people's data when they surf the Web. Typically, they only use SSL for encrypting communications during the log-in stage, he says.

There are actually two problems with SSL implementations. The first issue is that many sites do not use SSL past the log-in page, and thus expose their users' cookies to theft via sniffing by someone else on the network. A tool exploiting this flaw was released last year by Robert Graham of Errata Security, at the same time Perry announced his flaw.

Session cookies--which identify the machine as having used the correct username and password--have two modes: "secure" or "insecure." The vulnerability disclosed by Perry targets sites that attempt to use SSL, but do not flag their cookies as "secure." This flaw allows the cookies to be obtained by an attacker with access to the local network...
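A site operator can check for the missing "secure" flag described above by auditing the Set-Cookie headers its HTTPS pages return. The Python code below is an added example, not part of the CNET article; the cookie names and header values are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers returned by an HTTPS site.
# All header values below are constructed, not captured from any real site.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive ("Secure" == "secure").
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def sent_with_request(attrs, scheme):
    """Model the browser rule: a cookie flagged Secure is only attached
    to https requests; an unflagged one is attached to http as well."""
    return scheme == "https" or "secure" not in attrs

def cookies_exposed_over_http(set_cookie_headers):
    """Names of cookies a browser would also send over plain HTTP."""
    exposed = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name and sent_with_request(attrs, "http"):
            exposed.append(name)
    return exposed

# Constructed headers, as an HTTPS log-in response might set them.
SAMPLE_HEADERS = [
    "session=constructed-session-id; Path=/; HttpOnly",
    "login_token=constructed-token; Path=/accounts; Secure; HttpOnly",
    "prefs=lang-en; Path=/; secure",
]

if __name__ == "__main__":
    for cookie_name in cookies_exposed_over_http(SAMPLE_HEADERS):
        print(f"{cookie_name}: set over HTTPS without the Secure flag")
```

Any cookie this reports is transmitted in the clear whenever the browser makes an unencrypted request to the same site, so session cookies belong on the flagged list only after the whole site is served over SSL.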

