You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Management

Security Management White Papers

Password Interception in a SSL/TLS Channel

Tags:
security management

Overview Simple password authentication is often used e.g. from an email software application to a remote IMAP server. This is frequently done in a protected peer-to-peer tunnel, e.g. by SSL/TLS. At Eurocrypt'02, Vaudenay presented vulnerabilities in padding schemes used for block ciphers in CBC mode. He used a side channel, namely error information in the padding verification. This attack was not possible against SSL/TLS due to both unavailability of the side channel (errors are encrypted) and premature abortion of the session in case of errors. This paper extends the attack and optimizes it. The paper shows it is actually applicable against latest and most popular implementations of SSL/TLS (at the time this paper was written) for password interception.

Further White Paper Details
Publisher	Ecole Polytechnique Federale de Lausanne	File Format	PDF
Date Published	January 2009
Format	White Papers
Topics	Security Management, SSL - TLS

Did you find this white paper useful?

Balancing Security Against Productivity

What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...

Publisher:
Novell

Activate Today!Realize ROI with IntelÂ® vPro Technology and Microsoft System Configuration Manager

Join the team from the Intel vPro Expert Center for an informative Webcast on the ROI savings and activation process for PCs with Intel® vPro™ technology and Microsoft System Configuration...

Publisher:
Intel

Tags:
portable computers

Animated Demo of vPro Systems

This animated demo shows how vPro offers security and manageability on the chip.

Publisher:
Intel

Tube Lines reaps rewards of upgrading to IntelÂ®CoreÂ™2 processor with vProÂ™technology

Tube Lines has a 30-year Public Private Partnership (PPP) contract with London Underground. It is responsible for the maintenance and upgrade of the infrastructure on the Jubilee, Northern and Piccadilly...

Publisher:
Intel

Tags:
portable computers

Video Case Study: Verizon UK

This video case study looks at how Chris Maylor, head of architecture services at Verizon UK, went about implementing vPro.

Publisher:
Intel

Hackers turn to dictionary to invade Cisco WLANs

Like any password-protected security mechanism, EAP-FAST could still succumb to a dictionary attack. In a statement, Cisco said it is aware of the dictionary attack method that exploits known vulnerabilities to password-based security schemes for...

Channel:
LANs

Hackers could force ransom victims to do 'dirty work'

Companies should make sure they have a vulnerability management process in place to ensure they patch systems, eliminate weaknesses in administrative processes, find and fix security configuration errors, and shield vulnerable systems.

Channel:
Malware
Tags:
ransom,
hackers,
gartner

iPhone, Gmail and blogs - a corporate security nightmare

Gartner advises organisations to configure content management and data loss prevention tools to monitor and block the release of sensitive content over HTTP and peer-to-peer network traffic and also configure the web gateway to block any services...

OpenID at risk due to DNS flaw, claims researcher

Various OpenID providers have TLS server certificates that use weak private keys, the researchers said, as a result of a previously reported flaw in the Debian random-number generator. A fundamental issue affects the OpenID authentication system...

Channel:
Security Strategy
Tags:
risk,
openid,
dns

Bank phishing fraudsters learn to spell

People are still clicking on the links to see if they are real and those who aren't adequately protected are getting infected," he told a session at the RSA Conference in San Francisco. According to a report by analyst house Gartner, the average...

Channel:
Malware
Tags:
banks,
hackers,
virus,
phishing

Web security warnings being ignored - even by the most tech-savvy

While SSL certificates often expire for benign reasons, an expired certificate can also indicate that the user could be the victim of a man-in-the-middle attack. In an online study conducted among 409 participants, the researchers found that the...

Channel:
Security Strategy
Tags:
firefox,
ssl

Featured White Papers

Harnessing the Power of Location Intelligence in the Public Sector

Throughout the world, public services today are under pressure. The current economic climate, where taxreceipts are naturally suppressed, provides very seriousfunding challenges. Moreover, in good times and bad, increasing regulation at the regional and national level is imposing additional duties and responsibilities on the public services without additional resources to carry them out. Store closures are changing the urban landscape. Demographic and/or economic change isincreasing demand for health and social services.Demand for decreased crime rates is focusing minds in law enforcement. And the threat of internationalterrorism is forcing greater contingency duties on the emergency services. The net result is a need to do more with lessÂ—quite a challenge.

Publisher:
Pitney Bowes

IBM XIVÂ® Storage System: Power Consumption Reinvented

Reducing power consumption is one of the most significant challenges of IT centers today. With storage needs on a steep rise, it is increasingly clear that new approaches must be explored. This IBM whitepaper shows how, on average, a traditional storage system using mirroring effectively uses less than 21% of its raw capacity, and an XIV system uses approximately 46% of its raw capacity.

Publisher:
IBM

3 Strategies for Reducing IT Support Costs

As companies brace for more bumps in the economic downturn, many organisations are indiscriminately cutting costs. To ensure a seamless transition into the post-recession market, however, slashing and burning is not recommended. Now is the time to strategically trim and strengthen for success. This IDC White Paper explores 3 tangible areas that IT departments should investigate to help strategise cost reduction during the downturn. Download the White Paper to learn: -- Why IT utilisation, end-user support and maintenance budgets are the most strategic areas to investigate -- How to effectively approach cost-saving measures within these areas while maintaining IT performance -- Tools and services the IDC recommends for achieving maximum cost savings and efficiency