SSL 1.0 broken

Bitcoin Forum

May 05, 2024, 07:38:22 AM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 27.0 [Torrent]

Home

Help

Bitcoin Forum > Other > Off-topic > SSL 1.0 broken

Pages: [1]

« previous topic next topic »

Author

Topic: SSL 1.0 broken (Read 1402 times)

rebuilder (OP)

Legendary

Offline

Activity: 1615
Merit: 1000

SSL 1.0 broken

September 20, 2011, 09:54:00 AM

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Researchers claim to have a found a way to decrypt SSL traffic, needing about 10 minutes to crack the encryption. The article doesn't go into much detail on what is required for the attack to work, and it's just one post on the register... Still, careful out there.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!

1714894702

Hero Member

Offline

Posts: 1714894702

Ignore

1714894702

1714894702


	Report to moderator

1714894702

Hero Member

Offline

Posts: 1714894702

Ignore

1714894702


	Report to moderator

1714894702

Hero Member

Offline

Posts: 1714894702

Ignore

1714894702


	Report to moderator

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1714894702

Hero Member

Offline

Posts: 1714894702

Ignore

1714894702


	Report to moderator

1714894702

Hero Member

Offline

Posts: 1714894702

Ignore

1714894702


	Report to moderator

Xenland

Legendary

Offline

Activity: 980
Merit: 1003

I'm not just any shaman, I'm a Sha256man

Re: SSL 1.0 broken

September 20, 2011, 09:58:05 AM

Looks like it requires some JavaScript exploitation in order for this exploit to work, none the less if your not a white-hat expert your pretty vulnerable to these kind of things

rebuilder (OP)

Legendary

Offline

Activity: 1615
Merit: 1000

Re: SSL 1.0 broken

September 20, 2011, 10:05:41 AM

Yep, it's a man-in-the-middle from what I can tell. So if you're on a trusted net connection and careful with your browsing, your risk should be fairly low. Public wifi etc. on the other hand...

Raoul Duke

aka psy
Legendary

Offline

Activity: 1358
Merit: 1002

Re: SSL 1.0 broken

September 20, 2011, 10:56:23 AM

It's TLS 1.0 that's broken, not SSL 1.0 ...

sadpandatech

Hero Member

Offline

Activity: 504
Merit: 500

Re: SSL 1.0 broken

September 20, 2011, 12:11:24 PM

Quote from: psy on September 20, 2011, 10:56:23 AM

It's TLS 1.0 that's broken, not SSL 1.0 ...

Thank you, was wondering when someone who actually bothers to read would point that out to people. ;p

With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people. -DamienBlack

bitterness

Newbie

Offline

Activity: 18
Merit: 0

Re: SSL 1.0 broken

September 20, 2011, 03:50:36 PM

Quote from: psy on September 20, 2011, 10:56:23 AM

It's TLS 1.0 that's broken, not SSL 1.0 ...

Well, SSL 1.0 was broken a long time ago, never use it.

Quote from: sadpandatech on September 20, 2011, 12:11:24 PM

With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?

Yes Opera supports it very well. But this doesnt help you with IIS being the only common used web server with at least wacky and hidden support for it. So basically on the server side coverage tends to be zero.

Of course this may change now.

cronopio

Newbie

Offline

Activity: 55
Merit: 0

Re: SSL 1.0 broken

September 20, 2011, 07:29:15 PM

Stay tuned this Friday's release

http://www.h-online.com/security/news/item/Tool-cracks-SSL-cookies-in-just-ten-minutes-1346387.html

Pages: [1]

Bitcoin Forum > Other > Off-topic > SSL 1.0 broken

« previous topic next topic »

Jump to: