The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday. On the bright side, its not as bad as Heartbleed, but its not-so-catchy name and lack of publicity means it will be tough for the public to tackle as quickly. SLS/TLS MITM (which Im going to call SLS until someone names it something like Skinburn or Tummyache) is on a smaller scale than Heartbleed. A smart hacker can use the vulnerability to attack the handshake, making it weak.
Comments are closed.
