Folks,
You ought to be aware of this if your site relies on TLS 1.0:
"... The vulnerability resides in versions 1.0 and earlier of TLS, or
transport layer security, the successor to the secure sockets layer
technology that serves as the internet's foundation of trust. Although
versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely
unsupported in browsers and websites alike."
"... requires about two seconds to decrypt each byte of an encrypted cookie.
That means authentication cookies of 1,000 to 2,000 characters long will
still take a minimum of a half hour for their PayPal attack to work.
Nonetheless, the technique poses a threat to millions of websites that use
earlier versions of TLS"
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
--
Greetings, alo.
http://www.alobbs.com/