Hacker News new | past | comments | ask | show | jobs | submit login
Sotirov and Applebaum's (redacted) Internet vulnerability, published tomorrow at CCC (ccc.de)
1 point by tptacek on Dec 30, 2008 | hide | past | favorite | 4 comments



Getting sick of Internet-ending vulnerabilities yet? Of course not! Especially when there's a redacted abstract to pick apart and guess on!

A slice of context: neither Sotirov nor Applebaum would bank their reputations on a publicity stunt; they're both well-respected.

Is it SSL? Then why does the redacted text say "even so-called secure...". Is it a js/DOM issue? Then what's the word "infrastructure" doing there?

I'm feeling mildly Thawte about this. The attack was impractical before, exploits known weaknesses, but is possible now that [redacted], and leaves a criminal in possession of something. Known weaknesses that haven't been probed well feels maybe RNG-y. Maybe you can request a zillion personal Thawte certs and bust a pool of entropy.


Some more interesting context, this time by HD Moore from Metasploit/Breakingpoint:

http://www.breakingpointsystems.com/community/blog/Attacking...



Prepare to be astonished.




Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: