Attack on SSL Users Discovered, Tool Sources Released

"Often users ignore warning dialogs and click through them. In the case of an sslstrip intervention, the user doesn't even get the warning dialogs, because no apparent invalid HTTPS connection is created. His browser simply doesn't create a secure connection. The kind of MITM attacks this can provide, and how users might be totally unaware of them, is clearly indicated in Marlinspike's "New Tricks for Defeating SSL in Practice" slides."

Complete Story

Related Stories:

• Widespread vulnerabilities found in programs which use OpenSSL(Jan 09, 2009)
• Perspectives Extension Improves HTTPS Security(Oct 21, 2008)
• After Debian's Epic SSL Blunder, A World of Hurt for Security Pros(May 22, 2008)
• Linux Postfix Mail Server SSL Certificate Installations and Configuration(Jul 16, 2007)