Software Makers in Race to Fix SSL Bug

Software makers around the world are scrambling to fix a serious bug in the SSL protocol that lets attackers intercept secure SSL communications between computers using a man-in-the-middle attack, reports Computerworld.

According to Chris Paget, the chief technology officer with a security consultancy called H4rdw4re, the flaw leaves servers in shared hosting environments, mail servers, databases and many other secure applications vulnerable. He describes the seriousness of the bug:

"Your implementation of SSL can be completely compliant with the protocol, completely immune to code-level vulnerabilities, completely fine at managing its keys, and using ciphers that are completely unbroken, and you are still vulnerable."

The bug will be very difficult to fix since it lies in the SSL protocol itself. Further complicating matters, SAP engineer Martin Rex stumbled across the bug and inadvertently disclosed it on an obscure mailing list.
