TechTarget

Twitter vulnerable to SSL attack

A security researcher has identified a flaw in SSL, which could be used to steal users' Twitter credentials.

A security researcher has identified a flaw in SSL, which could be used to steal users' Twitter credentials.

SSL (secure socket layer) is widely used across e-commerce sites to protect credit card details and other personal information. The security news groups have been buzzing with activity over the flaw in SSL, which could allow a "man-in-the-middle" attacker to add data onto a secure HTTPS transaction.

In a man-in-the-middle attack, the attacker makes independent connections with victims and relays messages between them. They believe they are talking to each other over a private connection, but the conversation is controlled by the attacker.

However, according to Anil Kurmus writing on the Full Disclosure mailing list, this flaw is unlikely to be exploited for HTTPS, as it only allows the attacker to inject data.

But Anil Kurmus has discovered a way that a modified attack could be used to steal twitter credentials over an SSL link.

He demonstrated how an attacker could launch a man in the middle attack to steal the credentials of a user authenticating himself through HTTPS to a trusted website such as Twitter.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close