-
May 22nd, 2009, 03:26 PM
#1
Breaking Web Browsers' Trust
Is your SSL connection really secure?
The researchers say that they were able to successfully attack Internet Explorer 7 and 8, Firefox 2 and 3, Opera 9, and Chrome Beta and 1.
Chen's group uncovered a problem with the way Web browsers display information from Web pages when a secure communications link has been established. They found that most browsers will sometimes treat insecure data as if it's part of the secure protocol. This means that a Web proxy--a machine sitting in between the browser and a website--can issue commands that the browser interprets as coming from a secure website, even if they are not. "In reality, it's very difficult to make sure that you are using a trusted network," he says.
For example, when a browser requests access to a secure website, the proxy could return a fake error message that the browser displays as genuine. The browser could then be tricked into sending secure messages to both the legitimate server and the malicious proxy.
http://www.technologyreview.com/web/22682/
In God We Trust....Everything else we backup.
-
May 22nd, 2009, 03:54 PM
#2
So my ol' faithful k-meleon is not listed. That's fine with me...
-
May 22nd, 2009, 04:35 PM
#3
odds are if it's based on the gecko engine, it probably has the same vulnerabilities.
-
May 22nd, 2009, 04:49 PM
#4
So my ol' faithful k-meleon is not listed. That's fine with me...
It states that the problem was fixed anyway
-
May 22nd, 2009, 08:33 PM
#5
As I read it, they discovered a fundamental design flaw in several browsers produced by different people.
The question they seem to be asking is are there others that haven't been detected yet?
I guess it only really matters if you are trying to do something confidential in the type of environment suggested?
Similar Threads
-
By Relyt in forum The Security Tutorials Forum
Replies: 1
Last Post: December 30th, 2005, 05:34 AM
-
By SDK in forum Miscellaneous Security Discussions
Replies: 4
Last Post: January 28th, 2005, 05:54 PM
-
By devilmech in forum Cosmos
Replies: 27
Last Post: September 2nd, 2003, 02:23 PM
-
By hot_guy in forum AntiOnline's General Chit Chat
Replies: 3
Last Post: August 2nd, 2003, 02:18 PM
-
By ac1dsp3ctrum in forum The Security Tutorials Forum
Replies: 8
Last Post: February 13th, 2002, 12:36 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|