Man-In-the-Middle Vulnerability For SSL and TLS

Posted by Soulskill
from the alphabet-soup dept.
imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

Re:Stupid license. No thanks.

by TMacPhail (#29120365) Attached to: Behind Menuet, an OS Written Entirely In Assembly

The prohibition has no effect on being able to verify the claim. If you were allowed to disassemble, what would you expect to get out of that? Assembly. You will always get assembly from a disassembler so doing that neither proves nor disproves anything. You would need the original assembly source to compare against. And if you had that, you may as well simply examine it to see that it is all assembly and assemble it to verify that it works.

Having the 32 bit sources available is enough for me to believe their claims about the 64 bit sources also being entirely assembly. Their decision to license 64 bit differently from 32 is a different question altogether though.

Re:Depressing, but not uncommon

by TMacPhail (#28944607) Attached to: Student Sues University Because She's Unemployable

100 is the average of the population as a whole. But if you consider any subset of that population, i.e. university/college graduates, the average of that subset may be significantly different from the average of the entire population.

That said, I find the claim that US college grads have an average IQ of 95 to be very unlikely. That would be saying that college grads are less intelligent than the general population.


Canadian Class-action Cellphone Suit Is Approved

Submitted by BeanBunny
BeanBunny (936648) writes "A Saskatchewan, Canada court has ruled that a $12 billion class-action suit can proceed. The suit alleges that 'system access fees' that the cellphone companies have charged ($7-9 per month) are unfair and constitute price gouging. From the article: 'It is described as the largest class-action in Canadian history, potentially affecting every cellphone user in the country. Currently, there are 7,500 complainants signed onto the suit.'"

