There is a good research paper published in May on attacks against SSL with Bad-Proxies do to issues in how different browsers respond to http/https
http://research.microsoft.com/apps/pubs/default.aspx?id=79323 On Wed, Aug 26, 2009 at 1:49 PM, Jon Harris <[email protected]> wrote: > I seem to remember something about a specific SSL attack just being > discovered within the last 2 months that dealt directly to point F. You > might give the archives a look see on that. > > Jon > > On Wed, Aug 26, 2009 at 1:36 PM, Ben Scott <[email protected]> wrote: > >> On Wed, Aug 26, 2009 at 10:59 AM, David W. McSpadden<[email protected]> >> wrote: >> > If someone has access to your ssl website with valid username and >> password >> > you assume that either 1 of 2 things have happened: >> > A someone has a keylogger and their computer is compromised. >> > B someone just out and out gave the information away. >> >> C your server software is compromised somehow >> D brute force or other password guessing attack >> E inside job gave someone access to something (password, or modified >> the server, etc.) >> F some kind of SSL attack; SSL is generally considered secure but >> there have been flaws found in implementations and specific options >> G other things I haven't thought of >> >> -- Ben >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > > > > > -- Thanks Dave Vantine ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
