On 25 October 2011 23:36, William Reyor <[email protected]> wrote: > Still possible when ssl connections are enforced? >
Yes, because if an attacker is able read your system's memory then they will be able to decrypt your SSL traffic by using your symmetric encryption keys. I call this the encryption key sidejacking attack. Renski _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
