The way things are going, we may need to start thinking about replacing SSL
Update 27-Sep-11:
An interesting post to understand the scope of this new security hole
Update 04-Oct-11:
An article from Infosecurity-Magazine confirming my suspicion
Update 14-Oct-11:
Learn about the BEAST from the horse's mouth: The author's own blog
Update 31-Jan-12:
Another good article that summarizes how SSL is now broken, and what is the future of web authentication
Update 01-Aug-12:
Certificate pinning might be one solution to the problems. However, this sounds like a difficult solution to deploy, where all clients would have to cache the certs of all the trusted websites/servers.
Update 12-Feb-13:
A new attack, called Lucky Thirteen. Original white paper here.
Update 18-May-13:
Some issues/concerns with IPv6 integration.
No comments:
Post a Comment