I seem to remember something about a specific SSL attack just being discovered within the last 2 months that dealt directly to point F. You might give the archives a look see on that.
Jon On Wed, Aug 26, 2009 at 1:36 PM, Ben Scott <[email protected]> wrote: > On Wed, Aug 26, 2009 at 10:59 AM, David W. McSpadden<[email protected]> > wrote: > > If someone has access to your ssl website with valid username and > password > > you assume that either 1 of 2 things have happened: > > A someone has a keylogger and their computer is compromised. > > B someone just out and out gave the information away. > > C your server software is compromised somehow > D brute force or other password guessing attack > E inside job gave someone access to something (password, or modified > the server, etc.) > F some kind of SSL attack; SSL is generally considered secure but > there have been flaws found in implementations and specific options > G other things I haven't thought of > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
