Expert calls SSL protocol vulnerability a non issue

    Date06 Nov 2009
    Posted ByAlex
    Two security researchers are calling for an industry-wide response to fix a serious vulnerability they discovered in the SSL protocol, used widely on the Internet for secure data transfers. But a noted network security researcher says the vulnerability has very little impact on most users and will not result in data loss. Moxie Marlinspike, a security researcher who has discovered high- profile security flaws, said the vulnerability has extremely limited value in practice. The attack is not designed to intercept traffic. Instead code is injected revealing nothing to the attacker, Marlinspike said.

    "It has virtually no impact on the majority of users in the common case of how SSL/TLS is deployed," Marlinspike wrote in an email message. "It doesn't affect your webmail, online banking or online shopping experience."

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.