CircleID

Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted."

Related Links:
Security Researchers Uncover SSL Vulnerability eWeek, Nov.5.2009
Thoughts on the TLS bug Chris Paget, Nov.5.2009

Related topics: Security