|
Corrected security vulnerability in SSL protocol |
|
Engineers have discovered a fix for serious security vulnerability in the SSL (secure sockets layer) protocol that secures email, web transactions and other types of sensitive internet traffic.
The mention security vulnerability was disclosed in November, 2009., and it can be used to perform MITM (man-in-the-middle) attack. A few weeks after, a Turkish grad student showed how it could be used to steal Twitter authentication credentials. Because IETF (Internet Engineering Task Force) approved final draft, it will update RFC 5246 specification of mention protocol. The new version of protocol overhauls the way SSL-enabled software renegotiates encrypted sessions so it's no longer possible for attacker to inject malicious payloads into encrypted traffic passing between two endpoints. With the completion of the specification, SSL libraries (and application that rely on this libraries) will have to be updated to implement the changes. For more information users should check status page of SSL patches, and IETF announcement of the new standard. The original new is published on TheRegistar web site. |
