Researchers have developed a new attack on SSL 3.0 that enables them to decrypt client requests on the wire and hijack confidential sessions on HTTPS sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a flaw in SSL. It has the potential to impact the security of transactions on millions of sites. It could also potentially impact SSL VPN and instant messaging clients.
The researchers have been in touch with the major browser vendors to work with them on patching any perceived vulnerabilities. Microsoft has released Security Advisory 2588513 along with several fixit tools. At the date of release there were no reports of exploitation in the wild. The attack requires a number of factors to work in the would-be attacker's favour to succeed, and hence customers are at minimal risk.
More info on TechNet and The Register.