Browsed by
Tag: tls

TLS Vulnerability to MITM Attack

TLS Vulnerability to MITM Attack

TLS is the underlying technology used by modern browsers and web servers to encrypt data communicated between them.  (Since TLS is a transport layer facility, it can be used in any other application layer protocols like SMTP, POP, etc, in addition to HTTP.)  While the encryption itself has been regarded as “secure enough” by online banking services (encryption relying on 4096-bit public key as of 2009), among others, there is another type of attack which is independent of the strength of the encryption used – man-in-the-middle (MITM) attack.

Here’s a blog post demonstrating one way it can be done.  Browser security patches should be on their way.