[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] TLS / SSLv3 vulnerability explained (DRAFT)

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, <info@xxxxxxxxxxxxx>
Subject: [Full-disclosure] TLS / SSLv3 vulnerability explained (DRAFT)
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Wed, 18 Nov 2009 15:42:26 +0100

Dear List,

This paper explains the vulnerability for a broader audience and
summarizes the information that is currently available. The document
is prone to updates and is believed to be accurate by the time of
writing.

Post:
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

Direct Download
http://clicky.me/tlsvuln

Disclaimer
Information is believed to be accurate by the time of writing.
As this vulnerability has complex implications this document
is prone to revisions in the future.


Thierry ZOLLER - G-SEC
http://www.g-sec.lu
Principal Security Consultant



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009
Next by Date: [Full-disclosure] Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow
Previous by thread: [Full-disclosure] DEFCON London - DC4420 - NO MEETING this Thursday! 19th November 2009
Next by thread: [Full-disclosure] Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow
Index(es):
- Date
- Thread