Hackers Break SSL Encryption - GoFuckYourself.com

Adam_M · 09-20-2011, 07:32 PM

This is going to be big news in the coming weeks!

http://www.theregister.co.uk/2011/09...ts_paypal_ssl/

raymor · 09-20-2011, 09:19 PM

This may be what Biden calls "a big fuckin deal". Anyone who accepts cards directly on their site or otherwise uses an ssl cert needs to pay attention to this.

NALEM · 09-20-2011, 09:27 PM

Quote:

Originally Posted by Adam_M

This is going to be big news in the coming weeks!

http://www.theregister.co.uk/2011/09...ts_paypal_ssl/

Thanks for the link. I just had this conversation with my programmers. For another project requiring secure transfers of data, they told me how vunerable we could be.

BIGTYMER · 09-20-2011, 09:30 PM

Great...

cooldude7 · 09-20-2011, 09:50 PM

ouch BEAST is coming., lol...........

cooldude7 · 09-20-2011, 09:51 PM

endless possibilities.......

Adam X · 09-20-2011, 09:55 PM

Quote:

Originally Posted by cooldude7

ouch BEAST is coming., lol...........

Once upon a time there was S.A.T.A.N... now BEAST? This IS a BFD.

cooldude7 · 09-20-2011, 10:50 PM

Quote:

Originally Posted by Adam X

Once upon a time there was S.A.T.A.N... now BEAST? This IS a BFD.

yepp its bd.,
but
c'mon dont tell me , you never thought , this is gonna happen someday.,

Nathan · 09-20-2011, 11:01 PM

Although I agree this is a big big problem, let's all accept the fact that Man-In-The-Middle attacks are not easy on the internet. You would need access to one of the main routers on the net to make this matter big time. Of course a spyware system running on a client's system is now able to decrypt SSL then, but it could grab the data after decryption anyway...

I know very few people that have access to major routers on the net and would use them to hack SSL streams.

See Cig · 09-21-2011, 03:16 AM

Quote:

Originally Posted by Nathan

Although I agree this is a big big problem, let's all accept the fact that Man-In-The-Middle attacks are not easy on the internet. You would need access to one of the main routers on the net to make this matter big time. Of course a spyware system running on a client's system is now able to decrypt SSL then, but it could grab the data after decryption anyway...

I know very few people that have access to major routers on the net and would use them to hack SSL streams.

hmm.
that kinda access... lets think.. should be making.. 40k-75k a year....on the avg..
vs what it could make....
over night...

See Cig · 09-21-2011, 03:19 AM

TheDoc · 09-21-2011, 04:06 AM

So they have to actually be watching for that connection, pretty much in control of your computer or server or an entire network really, so no sniffing these out... making this really fucking hard. Then they still have to guess what some keys are.., it doesn't decrypt everything.. and it takes 30 mins to do one cookie - and they still have to guess at some data and the next transaction the encrypt changes?

While this needs to get fixed.... it's a rather weak hack.

adultchatpay · 09-21-2011, 07:06 AM

Whoa, that is something.

09-20-2011, 07:32 PM	#1
Adam_M Confirmed User Industry Role: Join Date: Mar 2006 Location: Australia Posts: 3,796	Hackers Break SSL Encryption This is going to be big news in the coming weeks! http://www.theregister.co.uk/2011/09...ts_paypal_ssl/ __________________ DiscountedPorn.Com ReviewedPorn.com

09-20-2011, 09:19 PM	#2
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	This may be what Biden calls "a big fuckin deal". Anyone who accepts cards directly on their site or otherwise uses an ssl cert needs to pay attention to this. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

09-20-2011, 11:01 PM	#9
Nathan Confirmed User Industry Role: Join Date: Jul 2003 Posts: 3,108	Although I agree this is a big big problem, let's all accept the fact that Man-In-The-Middle attacks are not easy on the internet. You would need access to one of the main routers on the net to make this matter big time. Of course a spyware system running on a client's system is now able to decrypt SSL then, but it could grab the data after decryption anyway... I know very few people that have access to major routers on the net and would use them to hack SSL streams. __________________ "Think about it a little more and you'll agree with me, because you're smart and I'm right." - Charlie Munger

09-21-2011, 03:19 AM	#11
See Cig Confirmed User Join Date: Jan 2005 Posts: 515	__________________ See Sig

09-21-2011, 04:06 AM	#12
TheDoc Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Location: Currently Incognito Posts: 13,827	So they have to actually be watching for that connection, pretty much in control of your computer or server or an entire network really, so no sniffing these out... making this really fucking hard. Then they still have to guess what some keys are.., it doesn't decrypt everything.. and it takes 30 mins to do one cookie - and they still have to guess at some data and the next transaction the encrypt changes? While this needs to get fixed.... it's a rather weak hack. __________________ ~TheDoc - ICQ7765825 It's all disambiguation

09-20-2011, 09:30 PM	#4
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	Great...

09-20-2011, 09:50 PM	#5
cooldude7 Confirmed User Industry Role: Join Date: Nov 2009 Location: Heaven Posts: 4,306	ouch BEAST is coming., lol...........

09-20-2011, 09:51 PM	#6
cooldude7 Confirmed User Industry Role: Join Date: Nov 2009 Location: Heaven Posts: 4,306	endless possibilities.......

09-21-2011, 07:06 AM	#13
adultchatpay Let's Make Money Industry Role: Join Date: Dec 2008 Posts: 8,784	Whoa, that is something.