Peterism » tls http://peterchuang.com/blog NOT just random thoughts Mon, 09 Aug 2010 23:15:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 TLS Vulnerability to MITM Attack http://peterchuang.com/blog/2009/11/279/ http://peterchuang.com/blog/2009/11/279/#comments Thu, 05 Nov 2009 22:15:15 +0000 Peter http://peterchuang.com/blog/2009/11/279/ TLS is the underlying technology used by modern browsers and web servers to encrypt data communicated between them.  (Since TLS is a transport layer facility, it can be used in any other application layer protocols like SMTP, POP, etc, in addition to HTTP.)  While the encryption itself has been regarded as “secure enough” by online banking services (encryption relying on 4096-bit public key as of 2009), among others, there is another type of attack which is independent of the strength of the encryption used – man-in-the-middle (MITM) attack.

Here’s a blog post demonstrating one way it can be done.  Browser security patches should be on their way.

]]> http://peterchuang.com/blog/2009/11/279/feed/ 0