Scary: SSL not quite secure any more
Posted in security on 11/17/2009 02:15 am by novakyu
“A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the SSL protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website.”
What’s next? PGP? Can we trust anything other than OTPs any more?