Skip to main content

Researchers devise new attack techniques against SSL

posted onFebruary 6, 2013
by l33tdawg

The developers of many SSL libraries are releasing patches for a vulnerability that could potentially be exploited to recover plaintext information, such as browser authentication cookies, from encrypted communications.

The patching effort follows the discovery of new ways to attack SSL, TLS and DTLS implementations that use cipher-block-chaining (CBC) mode encryption. The new attack methods were developed by researchers Nadhem J. AlFardan and Kenneth G. Paterson at the University of London's Royal Holloway College.

The men published a research paper and a website on Monday with detailed information about their new attacks, which they have dubbed the Lucky Thirteen. They've worked with several TLS library vendors, as well as the TLS Working Group of the IETF (Internet Engineering Task Force), to fix the issue.

Source

Tags

Security SSL

You May Also Like

Recent News

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th