mailing list archives
RE: SSL protocol flaw, request for opinions
From: "Benjamin Meade" <ben () lanwest com au>
Date: Mon, 24 Feb 2003 16:43:07 +0800
Can't say I'm too worried about it.
(a) Its already been patched, and (b), the requirements for pulling off
this attack are high enough to dissuade all but the most determined
cracker. A sufficiently determined cracker will get into your system,
there is no way around it. What it comes down to is if a compromise is
going to cost your company x amount to fix (including lost downtime,
consumer confidence, lawsuits etc), then you spend that amount on
securing your system, and leave it at that.
LanWest Pty Ltd
From: Juan Velasquez [mailto:juan () EvolutionH com]
Sent: Friday, 21 February 2003 3:46 PM
To: jasonc () science org; security-basics () securityfocus com
Subject: SSL protocol flaw, request for opinions
I just read this story which explains how the Swiss Federal Institute of
exploited a flaw in the SSL protocol to hijack an 8 character password
from a bunch of SSL encrypted email logins.
I was surprised. What does the security community think of this?
Juan () EvolutionhH com