Zero-day flaw found in web encryption

Thankful · #1 November 5th, 2009, 05:40 PM

http://news.zdnet.co.uk/security/0,1...9860592,00.htm

lotuseclat79 · #2 November 7th, 2009, 08:08 AM

Additional information and a temporary OpenSSL patch:
HTTPS, SSL attack vector discovered; fix is on the way.

Quote:

A serious security flaw in the TLS protocol could make HTTP communication vulnerable to a man-in-the-middle attack. Security researchers are working to address the issue.

-- Tom

scott1256ca · #3 November 14th, 2009, 01:19 PM

Can any of the experts at this site comment as to how concerned we should be about this in the near term, i.e. next couple of months? Are evildoers likely to start exploiting this immediately or will it take them some time?

Thanks

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search