Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 09-20-2011, 07:32 PM   #1
Adam_M
Confirmed User
 
Adam_M's Avatar
 
Industry Role:
Join Date: Mar 2006
Location: Australia
Posts: 3,796
Hackers Break SSL Encryption

This is going to be big news in the coming weeks!

http://www.theregister.co.uk/2011/09...ts_paypal_ssl/
Adam_M is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 09:19 PM   #2
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
This may be what Biden calls "a big fuckin deal". Anyone who accepts cards directly on their site or otherwise uses an ssl cert needs to pay attention to this.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
raymor is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 09:27 PM   #3
NALEM
Confirmed User
 
NALEM's Avatar
 
Industry Role:
Join Date: Nov 2010
Location: Where ever Delta flies
Posts: 3,134
Quote:
Originally Posted by Adam_M View Post
This is going to be big news in the coming weeks!

http://www.theregister.co.uk/2011/09...ts_paypal_ssl/
Thanks for the link. I just had this conversation with my programmers. For another project requiring secure transfers of data, they told me how vunerable we could be.
__________________
"The time men spend in trying to impress others they could spend in doing the things by which others would be impressed."
NALEM is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 09:30 PM   #4
BIGTYMER
Junior Achiever
 
BIGTYMER's Avatar
 
Industry Role:
Join Date: Nov 2004
Location: Walled Garden
Posts: 17,066
Great...
BIGTYMER is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 09:50 PM   #5
cooldude7
Confirmed User
 
cooldude7's Avatar
 
Industry Role:
Join Date: Nov 2009
Location: Heaven
Posts: 4,306
ouch BEAST is coming., lol...........
cooldude7 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 09:51 PM   #6
cooldude7
Confirmed User
 
cooldude7's Avatar
 
Industry Role:
Join Date: Nov 2009
Location: Heaven
Posts: 4,306
endless possibilities.......
cooldude7 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 09:55 PM   #7
Adam X
Now Giving 1 Fuck Daily
 
Adam X's Avatar
 
Industry Role:
Join Date: Apr 2002
Location: California
Posts: 2,493
Quote:
Originally Posted by cooldude7 View Post
ouch BEAST is coming., lol...........
Once upon a time there was S.A.T.A.N... now BEAST? This IS a BFD.
__________________
Cronfund - Buy CRON now and earn 4% plus coin value. The best of DEFI!
Adam X is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 10:50 PM   #8
cooldude7
Confirmed User
 
cooldude7's Avatar
 
Industry Role:
Join Date: Nov 2009
Location: Heaven
Posts: 4,306
Quote:
Originally Posted by Adam X View Post
Once upon a time there was S.A.T.A.N... now BEAST? This IS a BFD.
yepp its bd.,
but
c'mon dont tell me , you never thought , this is gonna happen someday.,
cooldude7 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-20-2011, 11:01 PM   #9
Nathan
Confirmed User
 
Industry Role:
Join Date: Jul 2003
Posts: 3,108
Although I agree this is a big big problem, let's all accept the fact that Man-In-The-Middle attacks are not easy on the internet. You would need access to one of the main routers on the net to make this matter big time. Of course a spyware system running on a client's system is now able to decrypt SSL then, but it could grab the data after decryption anyway...

I know very few people that have access to major routers on the net and would use them to hack SSL streams.
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
Nathan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-21-2011, 03:16 AM   #10
See Cig
Confirmed User
 
Join Date: Jan 2005
Posts: 515
Quote:
Originally Posted by Nathan View Post
Although I agree this is a big big problem, let's all accept the fact that Man-In-The-Middle attacks are not easy on the internet. You would need access to one of the main routers on the net to make this matter big time. Of course a spyware system running on a client's system is now able to decrypt SSL then, but it could grab the data after decryption anyway...

I know very few people that have access to major routers on the net and would use them to hack SSL streams.
hmm.
that kinda access... lets think.. should be making.. 40k-75k a year....on the avg..
vs what it could make....
over night...
__________________
See Sig
See Cig is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-21-2011, 03:19 AM   #11
See Cig
Confirmed User
 
Join Date: Jan 2005
Posts: 515
__________________
See Sig
See Cig is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-21-2011, 04:06 AM   #12
TheDoc
Too lazy to set a custom title
 
TheDoc's Avatar
 
Industry Role:
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
So they have to actually be watching for that connection, pretty much in control of your computer or server or an entire network really, so no sniffing these out... making this really fucking hard. Then they still have to guess what some keys are.., it doesn't decrypt everything.. and it takes 30 mins to do one cookie - and they still have to guess at some data and the next transaction the encrypt changes?


While this needs to get fixed.... it's a rather weak hack.
__________________
~TheDoc - ICQ7765825
It's all disambiguation
TheDoc is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-21-2011, 07:06 AM   #13
adultchatpay
Let's Make Money
 
adultchatpay's Avatar
 
Industry Role:
Join Date: Dec 2008
Posts: 8,784
Whoa, that is something.
adultchatpay is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.