
Microsoft patches finally released to address SSL/TLS vulnerability

Thursday, August 19, 2010

PhoneFactor’s SSL/TLS authentication project has been officially released by vendors after just one year in the making. Microsoft began releasing patches for all supported versions of Windows last week, and the SSL/TLS vulnerability has now been addressed by all major vendors without any known problems.

The major vulnerability in the SSL protocol is rooted in the SSL authentication gap, which allowed attackers to mount a man-in-the-middle attack by inserting data and commands into the authenticated SSL communications path.


A weakness in the SSL protocol standard, formally known as Transport Layer Security, or TLS, created the vulnerability and left most SSL implementations exposed to security threats at some level. In November 2009, the severity of these attacks became public, and Microsoft rated the vulnerability as “important,” the second-highest classification on its four-tier scale.

The new SSL protocol extension, RFC 5746, is in place, with more secure implementations of renegotiation from Microsoft, OpenSSL, and Oracle’s Java.
