Penetration Testing mailing list archives
Re: demoing sslv2 vulns
From: Robin Wood <robin () digininja org>
Date: Sun, 4 Jul 2010 12:52:36 +0100
On 4 July 2010 12:47, rapper crazy <rappercrazzy () gmail com> wrote:
Hello Robin, The exploitation of these vulnerabilities require industrial / govt level infra support. The only way to attack these vulnerabilities are with cryptanalytic attack. Breaking these might not be possible for lone attacker but considering corporate espionage, dumping the network (ssl-encrypted) traffic, these dumps can later be brute force to recover the session key and then the whole communication. Thanks JT
So basically I tell them that for most situations they currently aren't really a threat but as cryptanalysis only gets better, never worse it is only a matter of time before they become a problem so it is better to get protected now before it is a problem rather than rush to upgrade once it does become a problem. Sound about right? Robin ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- demoing sslv2 vulns Robin Wood (Jul 03)
- Message not available
- Re: demoing sslv2 vulns Robin Wood (Jul 04)
- RE: demoing sslv2 vulns Cor Rosielle (Jul 07)
- Re: demoing sslv2 vulns Todd Haverkos (Jul 12)
- Re: demoing sslv2 vulns Yered Céspedes (Jul 13)
- Re: demoing sslv2 vulns Richard Miles (Jul 20)
- Re: demoing sslv2 vulns chintan dave (Jul 21)
- Re: demoing sslv2 vulns Richard Miles (Jul 24)
- Re: demoing sslv2 vulns chintan dave (Jul 24)
- Re: demoing sslv2 vulns Saleh (Jul 28)
- Re: demoing sslv2 vulns Robin Wood (Jul 28)
- Re: demoing sslv2 vulns Robin Wood (Jul 04)
- Message not available