Re: Major IE SSL Vulnerability?

From: Mike Lorrey (mlorrey@yahoo.com)
Date: Thu Aug 15 2002 - 16:11:14 MDT

• Next message: Mike Lorrey: "Re: globalization of fear"
• Previous message: Lee Corbin: "RE: American Education (was: Re: Nature as Advertisement)"
• In reply to: Emlyn O'regan: "Major IE SSL Vulnerability?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-- Emlyn O'regan <oregan.emlyn@healthsolve.com.au> wrote:
> This has come up today, and is of some concern to me professionally.
> I was
> wondering whether anyone else here knows anything about it? Harvey?
> I'm not
> sure if it's real, or a big hoax.
>
> Apparently, using SSL via IE (versions 4 through 6, I think, but
> especially
> 4 through 5.5), you are vulnerable to a relatively simple
> man-in-the-middle
> attack. Here's the bugtraq thread:
>
>
http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1

I believe that something like this was used against my yahoo account
recently, resulting in it being used to send large quantities of spam
mail (don't worry, I don't deny responsibility for ExI posts...)

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com

• Next message: Mike Lorrey: "Re: globalization of fear"
• Previous message: Lee Corbin: "RE: American Education (was: Re: Nature as Advertisement)"
• In reply to: Emlyn O'regan: "Major IE SSL Vulnerability?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:08 MST