Linux Today: Linux News On Internet Time.

Attack on SSL Users Discovered, Tool Sources Released

Feb 25, 2009, 17:04 (1 Talkback[s])
(Other stories by Nils Magnus)

"Often users ignore warning dialogs and click through them. In the case of an sslstrip intervention, the user doesn't even get the warning dialogs, because no apparent invalid HTTPS connection is created. His browser simply doesn't create a secure connection. The kind of MITM attacks this can provide, and how users might be totally unaware of them, is clearly indicated in Marlinspike's "New Tricks for Defeating SSL in Practice" slides."

Complete Story

Related Stories: