Sunday, February 22, 2009

Researcher demonstrates SSL attack

A security researcher has demonstrated a way to hijack Secure Sockets Layer (SSL) sessions to intercept login data.This is very disturbing. Our dependence on secure computing to access our banks, pay our bills, and shop online just became very insecure. While I know next to nothing about hacking, I know this is a very bad thing. When you take into account the free and open availability of these hacking tools, it won't take a professional hacker to steal your information.

Moxie Marlinspike, who spoke at the Black Hat security conference on Wednesday, explained how to subvert an SSL session by performing a man-in-the-middle attack. The anarchist researcher explained in...

read more | digg story