Defeating SSL Vulnerability Remains Unfixed

It has now been nine weeks since Moxie Marlinspike demonstrated the “new” way of attacking SSL at the Black Hat security conference. With his tool, called SSLstrip, he was able to mount a man-in-the-middle attack on normal, insecure HTTP traffic and replace links to secure HTTPS pages with normal HTTP ones, so after a user submits a login and password or credit card credentials, the attacker can read all the details in the clear without the victim noticing.

Microsoft Internet Explorer is still not fixed against this vulnerability, and neither are the other browsers that rely on CryptoAPI, so resources such as VPN and mail servers are at great risk.

The bug itself ignores characters like “/” and “0”, while the organization looks at the domain name, with or without these characters.

So an attacker can create a valid certificate name for your site and use it. For example, if we need to be issued a certificate for thoughtcrime.org, then the string will be as follows:

www.bankofamerica.com\*thoughtcrime.org

The browsers that process SSL certificates through the Microsoft library are Google Chrome, Apple Safari and Internet Explorer. The Firefox developers, on the other hand, fixed this bug just a few days after the Black Hat presentation.
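The mismatch described above, reduced to the name comparison, as an added example that is not from the original post or from any browser or CryptoAPI source. It assumes the separator in the certificate name is a NUL byte (`\0` in C), as in Marlinspike's published null-prefix technique; the function names and the sample name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the certificate name as the length-delimited byte
 * string a certificate carries. The NUL separator is an assumption of
 * this example. */
static const char SAMPLE_CN[] = "www.bankofamerica.com\0thoughtcrime.org";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* What the issuing side looks at: the whole name, whose right-hand end is
 * the domain the requester really controls. */
int cn_ends_with(const char *cn, size_t cn_len, const char *suffix)
{
    size_t n = strlen(suffix);
    return cn_len >= n && memcmp(cn + cn_len - n, suffix, n) == 0;
}

/* Flawed client check: treats the name as a C string, so the comparison
 * stops at the first NUL and the rest of the name is ignored. */
int cn_matches_naive(const char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* the encoded length is never consulted */
    return strcmp(cn, host) == 0;
}

/* Hardened check (exact match only, no wildcards, names already lower-case):
 * walk the full encoded length, refuse NUL/control/space/non-ASCII bytes,
 * then require the lengths and bytes to agree. */
int cn_matches_strict(const char *cn, size_t cn_len, const char *host)
{
    for (size_t i = 0; i < cn_len; i++) {
        unsigned char c = (unsigned char)cn[i];
        if (c < 0x21 || c > 0x7e)
            return 0;
    }
    return cn_len == strlen(host) && memcmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.bankofamerica.com";
    printf("issuer sees thoughtcrime.org suffix: %d\n",
           cn_ends_with(SAMPLE_CN, SAMPLE_CN_LEN, "thoughtcrime.org"));
    printf("naive match for %s: %d\n", host,
           cn_matches_naive(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict match for %s: %d\n", host,
           cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```

The strict check rejects the name outright instead of trying to decide which half to trust, which is the safe behaviour for any certificate field containing bytes that cannot appear in a host name.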
