August 03, 2009

Firefox plugs SSL bugs

Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK
Related Articles
Related Topics
close

Next Article in News

Sign up to our newsletters

More in News

Bitcoin mining botnet has become one of the most prevalent cyber threats

Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.

House Intelligence Committee OKs amended version of controversial CISPA

House Intelligence Committee OKs amended version of controversial ...

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

Judge rules hospital can ask ISP for help ...

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.