Twitter vulnerable to SSL attack

News

Twitter vulnerable to SSL attack

Cliff Saran

A security researcher has identified a flaw in SSL, which could be used to steal users' Twitter credentials.

SSL (secure socket layer) is widely used across e-commerce sites to protect credit card details and other personal information. The security news groups have been buzzing with activity over the flaw in SSL, which could allow a "man-in-the-middle" attacker to add data onto a secure HTTPS transaction.

In a man-in-the-middle attack, the attacker makes independent connections with victims and relays messages between them. They believe they are talking to each other over a private connection, but the conversation is controlled by the attacker.

However, according to Anil Kurmus writing on the Full Disclosure mailing list, this flaw is unlikely to be exploited for HTTPS, as it only allows the attacker to inject data.

But Anil Kurmus has discovered a way that a modified attack could be used to steal twitter credentials over an SSL link.

He demonstrated how an attacker could launch a man in the middle attack to steal the credentials of a user authenticating himself through HTTPS to a trusted website such as Twitter.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy