Date: 1998-06-27

Hole in the protocol: Lucent cracks SSL/PKCS#1 code


-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

q/depesche 98.6.27.1

Quite a stir at Netscape & other e-commerce companies that use the Secure Socket Layer (SSL)
as their standard encryption for interactive ordering systems. An engineer at Lucent has discovered a
serious security hole in the protocol & consequently cracked the code.

A detailed description of the hole, along with countermeasures, can be found on the site of the key
maker RSA.

http://www.rsa.com/rsalabs/pkcs1/index.html
-.-.- --.- -.-.- --.- -.-.- --.-

News.com story

A computer scientist at Lucent Technologies' research arm in Murray Hill, New Jersey, this week
discovered a way to crack encryption code from secured Web sites. Web server software firms have
been scrambling this week to get a software patch to customers to plug the security hole.

In theory, the discovery means a hacker could access a Web shopper's credit card number, address,
and other vital information as the user conducts a transaction.

"The mechanism used is to send particular messages to a server and observe the error messages,"
Daniel Bleichenbacher, the scientist who uncovered the security breach, told CNET NEWS.COM. "This
gives me a bit of information of what a decrypted message looks like. Whenever I don't get an error
message back, I also have some information on what the secret message looks like."

Bleichenbacher's department was researching ways of cracking various security protocols. He said he
chose the Public Key Cryptography Standard (PKCS) No. 1 protocol because it is so widely used in
electronic commerce. He explained that the method means someone needs to repeatedly send about a
million carefully constructed messages to a target server and that the hacker would need a special
connection to screen out any other Internet traffic.

Full Text
http://www.news.com/News/Item/0,4,23595,00.html
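
The error-message leak described in the story, seen from the server side, as an added example that is not part of the original dispatch or of any vendor's code: a PKCS#1 v1.5 unpadding routine that reports each format failure separately, beside a hardened form that substitutes a random secret and never signals failure. The 1024-bit key size, the function names and the sample blocks are assumptions constructed for illustration; the hardened form is the mitigation later adopted in TLS, not something taken from this page.

```python
import hmac
import os

K = 128          # RSA modulus length in bytes (assumed 1024-bit key)
SECRET_LEN = 48  # length of the SSL premaster secret

class PaddingError(Exception):
    pass

def make_block(secret: bytes, block_type: int = 2) -> bytes:
    """Constructed sample: 00 || BT || non-zero padding || 00 || secret."""
    pad = b"\xff" * (K - 3 - len(secret))
    return bytes([0, block_type]) + pad + b"\x00" + secret

def unpad_leaky(em: bytes) -> bytes:
    """Vulnerable pattern: every format failure gets its own visible error."""
    if len(em) != K or em[:2] != b"\x00\x02":
        raise PaddingError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise PaddingError("no separator")
    if sep < 10:
        raise PaddingError("padding too short")
    return em[sep + 1:]

def unpad_hardened(em: bytes, fallback: bytes) -> bytes:
    """Never signals failure: a malformed block yields the random fallback."""
    ok = len(em) == K
    em = em.ljust(K, b"\x01")[:K]
    ok &= hmac.compare_digest(em[:2], b"\x00\x02")
    ok &= em[K - SECRET_LEN - 1] == 0            # separator at the fixed offset
    ok &= 0 not in em[2:K - SECRET_LEN - 1]      # padding has no zero byte
    # Python does not guarantee constant time; a production implementation
    # does this selection in constant-time native code.
    return em[K - SECRET_LEN:] if ok else fallback

def observable(handler, em: bytes) -> str:
    """What the remote peer sees after submitting a decrypted block."""
    try:
        handler(em)
        return "handshake continues"
    except PaddingError as exc:
        return f"alert: {exc}"

def handle_hardened(em: bytes) -> bytes:
    # The handshake proceeds with an unpredictable secret and fails later at
    # the Finished check, exactly as it would for a wrong but well-formed one.
    return unpad_hardened(em, os.urandom(SECRET_LEN))
```

With the leaky handler the peer can tell a conforming block from a non-conforming one by the response alone; with the hardened handler every block produces the same visible outcome.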

-.-.- --.- -.-.- --.- -.-.- --.-
TIP
Download free PGP 5.5.3i (Win95/NT & Mac) from Arge Daten
http://keyserver.ad.or.at/pgp/download/

-.-.- --.- -.-.- --.- -.-.- --.-

- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 1998-06-27
comments to office@quintessenz.at
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-