Twitter vulnerable to SSL attack

News

Twitter vulnerable to SSL attack

Cliff Saran

A security researcher has identified a flaw in SSL, which could be used to steal users' Twitter credentials.

SSL (secure socket layer) is widely used across e-commerce sites to protect credit card details and other personal information. The security news groups have been buzzing with activity over the flaw in SSL, which could allow a "man-in-the-middle" attacker to add data onto a secure HTTPS transaction.

In a man-in-the-middle attack, the attacker makes independent connections with victims and relays messages between them. They believe they are talking to each other over a private connection, but the conversation is controlled by the attacker.

However, according to Anil Kurmus writing on the Full Disclosure mailing list, this flaw is unlikely to be exploited for HTTPS, as it only allows the attacker to inject data.

But Anil Kurmus has discovered a way that a modified attack could be used to steal twitter credentials over an SSL link.

He demonstrated how an attacker could launch a man in the middle attack to steal the credentials of a user authenticating himself through HTTPS to a trusted website such as Twitter.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy