With headlines like “New cyber threat compromises financial information – Experts say new threat could affect millions of sites”, you would think that the trust model of the internet is finally crumbled.
Following an hour long Friday evening wait for the demo, the Ekoparty demo for the SSL hack was staged. And it was interesting that the attack succeeded in cracking the SSL confidentiality model as implemented by the Mozilla Firefox browser when communicating with paypal.com web servers over https. At the same time, it seemed to be an impractical exploit that was fixed three months ago in Chromium source code.
Also of note, is the fact that the attack has been well known for almost 10 years, it’s just that there hasn’t been a practical exploit implementing the attack. And that they refined their blockwise attack model far better than previous chosen-plaintext attack models, making it more effective than prior attacks.
For related technical information, and thoughts from relevant developers and researchers, please check out my “Related Links” list to the right side of the post text. I try to be thorough in my selection.
Leave a reply