Network Security, Patch/Configuration Management, Vulnerability Management

Firefox plugs SSL bugs

Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK

Related

Related Events

  • eSummit
    Network security: New tools for an aging art

  • Cybercast
    The Latest Cybercriminal TTPs: How Public-Sector Defenders Can Stay Ahead

    On-Demand Event

  • Cybercast
    Playing network traffic cop in multi-cloud environments: A guide to detecting & restricting lateral movement

    On-Demand Event

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.