Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Encryption

Submission + - HTTPS encryption is too little too late (blogspot.com)

DeFender1031 writes: So it's time to pay the bills. You go to your bank's website to transfer some money, you log in, and your account information is completely secure because the bank's servers establish an HTTPS connection with your browser, right? WRONG! This article describes in plain english how a man-in-the-middle can be performed prior to an HTTPS handshake, neutralizing any security precautions that might have been in place. The attack described here can be extended to any protocol where the server specifies whether to use a secure or insecure mode.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

HTTPS encryption is too little too late

Comments Filter:

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...