tag:social.mxchange.org,2015-03-03:noticeId=127610:objectType=note
roland repeated a notice by fefelonger (http://activitystrea.ms/schema/1.0/share, 2015-03-03T23:36:14+00:00)

RT @<a href="https://gnusocial.de/fefelonger" class="h-card mention" title="blog.fefe.de">fefelonger</a> Bug of the day: Can you confuse TLS implementations by not sticking to the state transitions from the standard? As it turns out: yes, you can. In particular, a network attacker can send the certificate of any arbitrary website, and skip the rest of the protocol messages. A vulnerable JSSE client is then willing to accept the certificate and start exchanging unencrypted application data. In other words, the JSSE …

Repeated by: roland (Roland Häder), https://social.mxchange.org/user/1, Krefeld, Germany. Passionate PHP/Java SE/EE developer and admin of https://social.mxchange.org. Homepage: http://mxchange.org

Original notice: tag:gnusocial.de,2015-03-03:noticeId=6439794:objectType=note, posted 2015-03-03T23:30:03+00:00 by fefelonger (blog.fefe.de), https://gnusocial.de/user/50446. As a supplement to @fefedent, this bot delivers the complete feed of blog.fefe.de into the federation. Homepage: http://blog.fefe.de/

Thread: tag:gnusocial.de,2015-03-03:noticeId=6439794:objectType=thread:crc32=9fa15070