You might remember the article I wrote a couple of weeks back regarding the then recently found vulnerabilities of SSL 3.0 (TLS 1.0). Well, things just got real.

• New Security Issues come to light with SSL 3.0

At the time, some researchers even went so far as to say that the vulnerability was only theoretical! Too theoretical to even worry about. The attack is described in detail:

• TLS renegotiation vulnerability (CVE-2009-3555)

It appears that the popular micro-blogging site Twitter first fell victim to the attack. The Register has the full story:

• Researcher busts into Twitter via SSL reneg hole

Now that the attack is in the wild, where are the patches?
Read more…

News, Security CSRF, https, malicious websites, man in the middle, MITM, SSL, TLS