Ok, I have some insight on this one from a very trusted source.

1) It requires a successful man in the middle attack which is not that easy to do with SSL and it requires you to be on the same subnet as the victim or the SSL host.
2) The attack has been around for years, the only thing new here is that someone sort of built a tool to do it and is getting press coverage.
3) Very low risk.
4) Part of the exploit will be killed very quickly now that it has gone public.

I am putting my SSL certs back in now.

From: Andrew S. Baker [mailto:[email protected]]
Sent: Wednesday, September 21, 2011 10:00 AM
To: NT System Admin Issues
Subject: Re: SSL hack

LOL

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Wed, Sep 21, 2011 at 8:39 AM, Kennedy, Jim <[email protected]> wrote:

I removed all my SSL certs, so they can't hack them. Just running straight http, let's see them beat that!

From: Jonathan Link [mailto:[email protected]]
Sent: Wednesday, September 21, 2011 8:39 AM
To: NT System Admin Issues
Subject: Re: SSL hack

I think everyone is cowering in their foxholes right now...

On Wed, Sep 21, 2011 at 8:33 AM, Erik Goldoff <[email protected]> wrote:

Hmmmm, looks like something I posted yesterday ... maybe you'll get more response.

On Wed, Sep 21, 2011 at 8:30 AM, Steven M. Caesare <[email protected]> wrote:

Interesting, and potentially significant:

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

-sc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
