"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF
draft standard that addresses the vulnerability."
To:
"Transport Layer Security (TLS) Renegotiation Indication Extension, IETF TLS
Working Group draft that addresses the vulnerability."
Where "IETF TLS Working Group" is hyperlinked to
http://www.ietf.org/dyn/wg/charter/tls-charter.html
That would help people who do not have a clue who the IETF or the TLS WG are,
or that both are open standards forums.
Thanks,
Barry
> -----Original Message-----
> From: RedTeam Pentesting GmbH [mailto:release (at) redteam-pentesting (dot) de]
> Sent: Monday, December 21, 2009 5:04 AM
> To: bugtraq (at) securityfocus (dot) com
> Subject: TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
>
> Information about a vulnerability in the TLS protocol was published in the
> beginning of November 2009. Attackers can take advantage of that vulnerability
> to inject arbitrary prefixes into a network connection protected by TLS. This
> can result in severe vulnerabilities, depending on the application layer
> protocol used over TLS.
>
> RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
> code that exploits this vulnerability. It is published at
>
> http://www.redteam-pentesting.de/publications/tls-renegotiation
>
> to raise awareness for the vulnerability and its potential impact. Furthermore,
> it shall give interested persons the opportunity to analyse applications
> employing TLS for further vulnerabilities.
>
> --
> RedTeam Pentesting GmbH Tel.: +49 241 963-1300
> Dennewartstr. 25-27 Fax : +49 241 963-1304
> 52068 Aachen http://www.redteam-pentesting.de/
> Germany Registergericht: Aachen HRB 14004
> Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck