New SSL Vulnerability
It’s hard for me to get too worked up about this vulnerability:
Many popular applications, HTTP(S) and WebSocket transport libraries, and SOAP and REST Web-services middleware use SSL/TLS libraries incorrectly, breaking or disabling certificate validation. Their SSL and TLS connections are not authenticated, thus they—and any software using them—are completely insecure against a man-in-the-middle attacker.
Great research, and—yes—the vulnerability should be fixed, but it doesn’t feel like a crisis issue.
Another article.
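The failure the quoted research describes, client code that breaks or disables certificate validation, can be checked for before a connection is ever made. The following Python code is an added example, not taken from this post or from the research it cites; it audits an `ssl.SSLContext` and refuses to use one that would leave the connection unauthenticated. All function names are hypothetical.

```python
import ssl


def audit_context(ctx):
    """Return a list of findings for an ssl.SSLContext used by a TLS client."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        # A valid chain alone is not enough: without the hostname check,
        # a certificate issued for any other name is accepted.
        findings.append("hostname is not checked against the certificate")
    return findings


def require_authenticated(ctx):
    """Raise ValueError if the context would yield an unauthenticated connection."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("unauthenticated TLS client: " + "; ".join(findings))
    return ctx


def strict_client_context():
    # Library defaults: CERT_REQUIRED, hostname checking on, system trust store.
    return ssl.create_default_context()


def broken_client_context():
    # The misuse pattern: validation switched off entirely.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    # Partial misuse: the chain is verified but the hostname is not.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


if __name__ == "__main__":
    for name, make in [("strict", strict_client_context),
                       ("broken", broken_client_context),
                       ("chain-only", chain_only_context)]:
        print(name, audit_context(make()) or "ok")
```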
DrNo • November 7, 2012 1:56 PM
Yes it’s a vulnerability and yes it’s SSL-related, but it’s as much an SSL/TLS vulnerability as drunk-driving is a defect in the car design.