Comments on: Authentication Gap in TLS Renegotiation http://extendedsubset.com/?p=8 "X is the new Y" is the new "Z considered harmful" Tue, 07 Sep 2010 03:48:24 +0000 http://wordpress.org/?v=2.5.1 By: SSL Renegotiation Vulnerability :Architecting Security http://extendedsubset.com/?p=8#comment-316 SSL Renegotiation Vulnerability :Architecting Security Sun, 23 May 2010 19:41:11 +0000 http://extendedsubset.com/?p=8#comment-316 [...] at 9:41 pm In November 2009, the renegotiation vulnerability over SSL/TLS based protocols was published.  SSL renegotiation is a new SSL handshake over an already established SSL [...] [...] at 9:41 pm In November 2009, the renegotiation vulnerability over SSL/TLS based protocols was published.  SSL renegotiation is a new SSL handshake over an already established SSL [...]

]]> By: Digital Threat » Blog Archive » SSL/TSL Protocol Vulnerability http://extendedsubset.com/?p=8#comment-262 Digital Threat » Blog Archive » SSL/TSL Protocol Vulnerability Sat, 27 Feb 2010 22:47:51 +0000 http://extendedsubset.com/?p=8#comment-262 [...] Extended Subset and Links carry extensive technical descriptions of various application protocol issues resulting from this TLS vulnerability. [...] [...] Extended Subset and Links carry extensive technical descriptions of various application protocol issues resulting from this TLS vulnerability. [...]

]]> By: daniel.haxx.se » The big protocols http://extendedsubset.com/?p=8#comment-252 daniel.haxx.se » The big protocols Sun, 24 Jan 2010 21:53:59 +0000 http://extendedsubset.com/?p=8#comment-252 [...] the flaws discovered during the last year or so, primarily the the null-prefix cert names and the TLS renegotiation bug. I felt good about already knowing just about everything of what he told us. I can also boast with [...] [...] the flaws discovered during the last year or so, primarily the the null-prefix cert names and the TLS renegotiation bug. I felt good about already knowing just about everything of what he told us. I can also boast with [...]

]]> By: SSLv3 / TLS Man in the Middle vulnerability - Madrock http://extendedsubset.com/?p=8#comment-247 SSLv3 / TLS Man in the Middle vulnerability - Madrock Wed, 20 Jan 2010 02:17:22 +0000 http://extendedsubset.com/?p=8#comment-247 [...] The original description (site is suffering from a slashdot effect as I write this) [...] [...] The original description (site is suffering from a slashdot effect as I write this) [...]

]]> By: MitM Plaintext Injection Vulnerability in TLS (openssl) « waffle http://extendedsubset.com/?p=8#comment-34 MitM Plaintext Injection Vulnerability in TLS (openssl) « waffle Sun, 13 Dec 2009 12:26:51 +0000 http://extendedsubset.com/?p=8#comment-34 [...] vulnerability and mitigation’ – MARC Links » Another Protocol Bites The Dust Extended Subset » Blog Archive » Authentication Gap in TLS Renegotiation The Secure Goose: TLS renegotiation vulnerability (CVE-2009-3555) Confidence 2009.02 – My TLS [...] [...] vulnerability and mitigation’ – MARC Links » Another Protocol Bites The Dust Extended Subset » Blog Archive » Authentication Gap in TLS Renegotiation The Secure Goose: TLS renegotiation vulnerability (CVE-2009-3555) Confidence 2009.02 – My TLS [...]

]]> By: Betanews Podcast: Rupert Murdoch and the buying stuff online problem | CHARGED's Digital Lifestyle at Work or Play http://extendedsubset.com/?p=8#comment-23 Betanews Podcast: Rupert Murdoch and the buying stuff online problem | CHARGED's Digital Lifestyle at Work or Play Wed, 09 Dec 2009 06:16:12 +0000 http://extendedsubset.com/?p=8#comment-23 [...] Marsh Ray and Steve Dispensa’s blog entry on the TLS renegotiation problem. [...] [...] Marsh Ray and Steve Dispensa’s blog entry on the TLS renegotiation problem. [...]

]]> By: Trys saugumo pataisymai | FreeBSD.lt http://extendedsubset.com/?p=8#comment-13 Trys saugumo pataisymai | FreeBSD.lt Sat, 05 Dec 2009 12:01:16 +0000 http://extendedsubset.com/?p=8#comment-13 [...] Prieš kelias dienas oficialiai buvo pranešta apie trijų klaidų esančių FreeBSD sistemoje pataisymus. Pirmoji pataisa skirta šią savaitę paskelbtai kritinei klaidai, kai lokalus vartotojas gali gauti administratoriaus teises. Antroji ištaiso prieigos teisių problemą naudojant freebsd-update programą. Trečioji ištaiso neseniai paskelbtą OpenSSL klaidą. [...] [...] Prieš kelias dienas oficialiai buvo pranešta apie trijų klaidų esančių FreeBSD sistemoje pataisymus. Pirmoji pataisa skirta šią savaitę paskelbtai kritinei klaidai, kai lokalus vartotojas gali gauti administratoriaus teises. Antroji ištaiso prieigos teisių problemą naudojant freebsd-update programą. Trečioji ištaiso neseniai paskelbtą OpenSSL klaidą. [...]

]]> By: Alice Allen http://extendedsubset.com/?p=8#comment-10 Alice Allen Thu, 05 Nov 2009 14:13:18 +0000 http://extendedsubset.com/?p=8#comment-10 Here is an article about this discovery by the UK Register just out: http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/ Here is an article about this discovery by the UK Register just out:

http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/

]]> By: Authentication Gap in TLS Renegotiation « Jasper Blog http://extendedsubset.com/?p=8#comment-9 Authentication Gap in TLS Renegotiation « Jasper Blog Thu, 05 Nov 2009 12:27:00 +0000 http://extendedsubset.com/?p=8#comment-9 [...] Read more: Extended Subset [...] [...] Read more: Extended Subset [...]

]]> By: Une faille dans le protocole SSLv3/TLSv1 « Criminalités numériques http://extendedsubset.com/?p=8#comment-8 Une faille dans le protocole SSLv3/TLSv1 « Criminalités numériques Thu, 05 Nov 2009 11:18:51 +0000 http://extendedsubset.com/?p=8#comment-8 [...] Ray annonce sur son blog qu’il aurait découvert cette faille lors de travaux pour sa société Phonefactor. Les [...] [...] Ray annonce sur son blog qu’il aurait découvert cette faille lors de travaux pour sa société Phonefactor. Les [...]

]]>