HACKER POKES NEW HOLE IN SECURE SOCKETS LAYER

Moxie Marlinspike’s man-in-the-middle

Website encryption has sustained another body blow, this time by an independent hacker who demonstrated a tool that can steal sensitive information by tricking users into believing they’re visiting protected sites when in fact they’re not.

Unveiled Wednesday at the Black Hat security conference in Washington, SSLstrip works on public Wi-Fi networks, onion-routing systems, and anywhere else a man-in-the-middle attack is practical. It converts pages that normally would be protected by the secure sockets layer protocol into their unencrypted versions. It does this while continuing to fool both the website and the user into believing the security measure is still in place.

Keep reading “Hacker pokes third hole in secure sockets layer” »

Popularity: 1% [?]