Full Disclosure: Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability

[William Reyor <opticfiber () gmail com>]

How would a remote attacker be able to read my systems memory?

On Oct 25, 2011, at 7:28 PM, Darren McDonald <darren () dmcdonald net> wrote:

> On 25 October 2011 23:36, William Reyor <opticfiber () gmail com> wrote:
> > Still possible when ssl connections are enforced?
> Yes, because if an attacker is able read your system's memory then
> they will be able to decrypt your SSL traffic by using your symmetric
> encryption keys. I call this the encryption key sidejacking attack.
>
> Renski
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/