Can't say I'm too worried about it.

(a) It's already been patched, and (b), the requirements for pulling off
this attack are high enough to dissuade all but the most determined
cracker. A sufficiently determined cracker will get into your system,
there is no way around it. What it comes down to is if a compromise is
going to cost your company x amount to fix (including lost downtime,
consumer confidence, lawsuits etc), then you spend that amount on
securing your system, and leave it at that.

Benjamin Meade
System Administrator
LanWest Pty Ltd 

-----Original Message-----
From: Juan Velasquez [mailto:[EMAIL PROTECTED] 
Sent: Friday, 21 February 2003 3:46 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: SSL protocol flaw, request for opinions

I just read this story which explains how the Swiss Federal Institute of
Technology exploited a flaw in the SSL protocol to hijack an 8 character
password from a bunch of SSL encrypted email logins.
I was surprised. What does the security community think of this?

http://www.newscientist.com/news/news.jsp?id=ns99993420


-- 

Juan Velasquez
[EMAIL PROTECTED]


