Twitter vulnerable to SSL attack

A security researcher has identified a flaw in SSL, which could be used to steal users' Twitter credentials.

A security researcher has identified a flaw in SSL, which could be used to steal users' Twitter credentials.

SSL (secure socket layer) is widely used across e-commerce sites to protect credit card details and other personal information. The security news groups have been buzzing with activity over the flaw in SSL, which could allow a "man-in-the-middle" attacker to add data onto a secure HTTPS transaction.

In a man-in-the-middle attack, the attacker makes independent connections with victims and relays messages between them. They believe they are talking to each other over a private connection, but the conversation is controlled by the attacker.

However, according to Anil Kurmus writing on the Full Disclosure mailing list, this flaw is unlikely to be exploited for HTTPS, as it only allows the attacker to inject data.

But Anil Kurmus has discovered a way that a modified attack could be used to steal twitter credentials over an SSL link.

He demonstrated how an attacker could launch a man in the middle attack to steal the credentials of a user authenticating himself through HTTPS to a trusted website such as Twitter.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close