cross check your source ... my sources show this does NOT require MITM, just sniffing proximity, and client side soft(mal)ware injection, which individually proves not to be difficult, just requires a bit of coordination for both parts now.
On Wed, Sep 21, 2011 at 10:11 AM, Kennedy, Jim <kennedy...@elyriaschools.org > wrote: > Ok, I have some insight on this one from a very trusted source.**** > > ** ** > > **1) **It requires a successful man in the middle attack which is not > that easy to do with SSL and it requires you to be on the same subnet as the > victim or the SSL host.**** > > **2) **The attack has been around for years, the only thing new here > is that someone sort of built a tool to do it and is getting press coverage. > **** > > **3) **Very low risk.**** > > **4) **Part of the exploit will be killed very quickly now that it > has gone public.**** > > ** ** > > I am putting my SSL certs back in now.**** > > ** ** > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Wednesday, September 21, 2011 10:00 AM > *To:* NT System Admin Issues > *Subject:* Re: SSL hack**** > > ** ** > > LOL > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > > > **** > > On Wed, Sep 21, 2011 at 8:39 AM, Kennedy, Jim < > kennedy...@elyriaschools.org> wrote:**** > > I removed all my SSL certs, so they can’t hack them. Just running straight > http, let’s see them beat that!**** > > **** > > *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] > *Sent:* Wednesday, September 21, 2011 8:39 AM > *To:* NT System Admin Issues > *Subject:* Re: SSL hack**** > > **** > > I think everyone is cowering in their foxholes right now...**** > > On Wed, Sep 21, 2011 at 8:33 AM, Erik Goldoff <egold...@gmail.com> wrote:* > *** > > Hmmmm, looks like something I posted yesterday ... maybe you'll get more > response.**** > > > > **** > > On Wed, Sep 21, 2011 at 8:30 AM, Steven M. Caesare <scaes...@caesare.com> > wrote:**** > > Interesting, and potentially significant: > http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/**** > > **** > > -sc**** > > **** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~**** > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin