Posted by: Derek, on January 20, 2010
Recently I have been looking into the vulnerabilities in the TLS negotiation process discovered late last year.
There is a range of experts debating the exploit methods, tools and how it may be fixed (server or client side, or both). From what I have seen so far, this may prompt a change to the TLS standard to introduce an extension to the protocol to validate sessions (session hand-off and certificate validity).
I'm also trying to find some tools that may assist in testing for this. It looks like the exploit relies on an ARP poison or similar, followed by inserting plaintext into the negotiation process.
This could be something that is fixed over time as servers and clients are patched.
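The splice the post refers to, as an added illustration that is not part of the original post: an attacker already in a man-in-the-middle position (for example via the ARP poisoning mentioned above) opens a TLS session to the server, sends a partial HTTP request, and then forwards the real client's handshake as a renegotiation inside that session. The server's HTTP layer treats the bytes received before and after the renegotiation as one continuous request, so the client's request, cookie included, becomes the tail of the attacker's. The hostname, paths and cookie value are constructed for this example.

```python
"""Added example: how a server's HTTP layer sees the TLS renegotiation splice.

Constructed data, not code or traffic from the original post. The TLS layer is
not modelled; only the plaintext the server's application layer ends up with.
"""

# Attacker's fragment, sent before the renegotiation. It deliberately ends with
# an unterminated header so the victim's request line is swallowed as its value.
ATTACKER_PREFIX = (
    b"GET /admin/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"Host: bank.example\r\n"           # hostname constructed for the example
    b"X-Ignore: "                       # no CRLF on purpose
)

# The victim's own request, sent in the renegotiated (client-authenticated) session.
VICTIM_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=victim-session-token\r\n"   # constructed cookie value
    b"\r\n"
)


def splice(before_renegotiation: bytes, after_renegotiation: bytes) -> bytes:
    """A vulnerable server concatenates data from both sides of the renegotiation."""
    return before_renegotiation + after_renegotiation


def is_complete_request(data: bytes) -> bool:
    """An HTTP/1.1 request head is complete once the blank line has arrived."""
    return b"\r\n\r\n" in data


def parse_http_request(data: bytes) -> dict:
    """Minimal HTTP/1.1 parser: request line plus headers, lowercased names."""
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("ascii").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.decode("ascii").strip().lower()] = value.decode("ascii").strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def demo() -> dict:
    """Parse the spliced stream exactly as the server would."""
    return parse_http_request(splice(ATTACKER_PREFIX, VICTIM_REQUEST))


if __name__ == "__main__":
    # The attacker's fragment alone is not a complete request; joined with the
    # victim's bytes it becomes the attacker's request carrying the victim's cookie.
    print("prefix complete on its own:", is_complete_request(ATTACKER_PREFIX))
    req = demo()
    print("request target:", req["target"])
    print("cookie the server will honour:", req["headers"]["cookie"])
    print("victim's real request line, now inert:", req["headers"]["x-ignore"])
```

Note that the attacker never reads the victim's cookie; the server simply applies it to the attacker-chosen request. That is why the fix has to bind the renegotiation to the earlier handshake at the TLS layer (or disable renegotiation outright as an interim measure) rather than be handled by the application.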
Posted by: Derek, on July 10, 2008
This DNS vulnerability has been kept under wraps by the operating system and hardware vendors for the last few weeks, and patches have now finally been released for many operating systems, DNS software packages and hardware devices.
If you provide or rely on DNS services (external or internal), you should patch your servers and devices promptly.
Although internal DNS servers may not be exposed to attack from the Internet, we see many more internal attacks within larger organisations that involve rogue servers or services being established inside the firewalled, trusted network. This raises the threat level of internal systems and services, and therefore the need for effective, timely patching.
Also consider asking your hosting facility, upstream ISP or DNS provider whether they have patched their DNS servers and forwarders.
http://www.doxpara.com/?p=1162 (this link also has a DNS checker).
This is a full list of vendor patch links
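The patches released for this flaw randomise the UDP source port of a resolver's outbound queries, so that a forged reply has to match both a random port and a random transaction ID instead of the transaction ID alone; the online checker linked above tests for exactly that. The following is an added example, not code from the original post or from the checker, of performing the same assessment offline on (source port, transaction ID) pairs taken from a packet capture of the resolver's outbound queries. The three observation sets are constructed with a seeded generator so the output is reproducible; the diversity threshold is an assumption chosen for illustration.

```python
"""Added example: assess source-port and transaction-ID randomisation of a resolver.

Constructed observations, not capture data from the original post. Each
observation is (udp_source_port, dns_transaction_id) for one outbound query.
"""
import math
import random
from collections import Counter

_rng = random.Random(2008)  # fixed seed: the sample sets below are deterministic

# Unpatched resolver: one fixed source port, random 16-bit transaction IDs.
UNPATCHED = [(32768, _rng.randrange(65536)) for _ in range(200)]
# Very old behaviour: fixed port and a transaction ID that is just a counter.
SEQUENTIAL = [(32768, (1000 + i) & 0xFFFF) for i in range(200)]
# Patched resolver: random ephemeral port and random transaction ID per query.
PATCHED = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(200)]


def txid_of(dns_payload: bytes) -> int:
    """The transaction ID is the first two bytes of the DNS header (big-endian)."""
    return int.from_bytes(dns_payload[:2], "big")


def entropy_bits(values) -> float:
    """Shannon entropy of the observed distribution, in bits."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_sequential(values) -> bool:
    """True when more than 90% of consecutive differences are +1, i.e. a counter."""
    diffs = [b - a for a, b in zip(values, values[1:])]
    if not diffs:
        return False
    return sum(1 for d in diffs if d == 1) / len(diffs) > 0.9


def assess(observations, min_port_diversity: float = 0.9) -> dict:
    """Classify a set of observations as RANDOMIZED or VULNERABLE, with reasons.

    min_port_diversity (an assumed threshold) is the fraction of queries that
    must use a distinct source port before port randomisation is accepted.
    """
    n = len(observations)
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    distinct_ports = len(set(ports))
    reasons = []
    if distinct_ports == 1:
        reasons.append(f"fixed source port {ports[0]}: only the 16-bit "
                       "transaction ID protects replies from forgery")
    elif distinct_ports < min_port_diversity * n:
        reasons.append(f"low source-port diversity: {distinct_ports} distinct "
                       f"ports across {n} queries")
    if looks_sequential(ports):
        reasons.append("source ports increment sequentially: predictable")
    if looks_sequential(txids):
        reasons.append("transaction IDs increment sequentially: predictable")
    return {
        "queries": n,
        "distinct_ports": distinct_ports,
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_entropy_bits": round(entropy_bits(txids), 2),
        # With n samples the most entropy any field can show is log2(n).
        "max_observable_bits": round(math.log2(n), 2),
        "verdict": "VULNERABLE" if reasons else "RANDOMIZED",
        "reasons": reasons,
    }


if __name__ == "__main__":
    for name, obs in (("unpatched", UNPATCHED), ("sequential", SEQUENTIAL),
                      ("patched", PATCHED)):
        result = assess(obs)
        print(f"{name}: {result['verdict']} "
              f"(ports {result['distinct_ports']}/{result['queries']} distinct, "
              f"port entropy {result['port_entropy_bits']} of "
              f"{result['max_observable_bits']} observable bits)")
        for reason in result["reasons"]:
            print("   -", reason)
```

Two hundred queries only let you observe about 7.6 bits of entropy per field, so the check is for reuse and sequential patterns rather than for the full 16 bits; a resolver that is behind a NAT device that rewrites source ports can fail this test even when the resolver itself is patched, which is why the post's advice to ask the upstream provider and hosting facility matters.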