NEWSWIRETODAY Press Release& Newswire Distribution | HOME
MOST TRUSTED NEWSWIRE PRESS RELEASE DISTRIBUTION
PRTODAY / NewswireToday press release distribution service network
Agency / Source: Ventana Public Relations

Check Ads Availability|e-mail Article

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

Researchers Uncover Serious Flaw in Handling of Extended Validation SSL by Popular Browsers - Leading security experts reveal how users of EV SSL-protected websites are at risk to silent Man-In-The-Middle attacks
Researchers Uncover Serious Flaw in Handling of Extended Validation SSL by Popular Browsers

 

NewswireTODAY - /newswire/ - New York, NY, United States, 2009/07/21 - Leading security experts reveal how users of EV SSL-protected websites are at risk to silent Man-In-The-Middle attacks.

   
 
Your Banner Ad Here instead - Showing along with ALL Articles covering Fraud / Identity Theft / Piracy Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!

Share your Adsense publishers stories on Google tactics and your revenues drop

 

Intrepidus Group, a leading provider of information security services and software, today announced research that shows new short comings in browser designs that allow an attacker to silently “Man-In-The-Middle” (MITM) Extended Validation (EV) SSL-protected websites. Users of sites that appear to be secure through the “glow” of their green badge, have been found to be at risk of malicious attacks.

Research conducted by Mike Zusman, principal consultant at Intrepidus Group, and independent security researcher Alex Sotirov shows that a common web browser design flaw can be exploited to compromise SSL encrypted data, even when the user sees the green badge of EV SSL. The researchers have devised a new attack, called SSL Rebinding, which exploits this flaw to sniff sensitive data as it leaves the browser. Zusman and Sotirov have also demonstrated that the same flaw can be leveraged to launch browser cache poisoning attacks against EV SSL protected websites. Both attacks can cause significant exposure and silently expose “encrypted” sessions protected by an EV SSL certificate.

• SSL Rebinding is an attack against an SSL involving a rogue MITM server which uses a combination of SSL certificates to manipulate client behavior and bypass security mechanisms.

• EV Cache Poisoning is a persistent attack, where cached content of an EV SSL protected web site can be poisoned without the victim consciously browsing the site.

“Verifying the “green glow” of EV SSL in the browser has often been pitched as the silver bullet to thwarting phishing attacks,” said Rohyt Belani, CEO of Intrepidus Group. “Our research shows that the green glow can be misleading and provide a false sense of security. Employees and customers should be provided a holistic perspective on phishing to best train them to be resilient to this ever-growing threat.”

Zusman and Sotirov will present the details of their research findings during the Back Hat USA 2009 Briefings & Training conference. Intrepidus Group has also enhanced its PhishMe solution to empower individuals to identify these attacks and protect themselves from cybercrime exposure.

Black Hat USA 2009 Briefings & Training Presentation
Mike Zusman and Alexander Sotirov will be sharing details of this new research on EV SSL Attacks during the Back Hat USA 2009 Briefings & Training conference, at Caesar’s Palace in Las Vegas, Nevada. Their session will be held on “Day 2,” July 30, 2009 in the “//random” track from 3:15 to 4:30 pm.

About PhishMe
PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.

About Intrepidus
Intrepidus Group (intrepidusgroup.com) is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group’s consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues. Intrepidus Group One Penn Plaza, Suite 6180, New York, New York 10119

PhishMe.com is a registered trademark of Intrepidus Group. All other product and company names herein are or may be trademarks of their respective owners.

 
 
Your Banner Ad Here instead - Showing along with ALL Articles covering Fraud / Identity Theft / Piracy Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!

Share your Adsense publishers stories on Google tactics and your revenues drop

 

Agency / Source: Ventana Public Relations

 
 

Availability: All Regions (Including Int'l)

 

Traffic Booster: [/] Quick NewswireToday Visibility Checker

 

Distribution / Indexing: [+]

 
 
# # #
 
 
  Your Banner Ad showing on ALL
Fraud / Identity Theft / Piracy articles,
CATCH Visitors via Your Competitors Announcements!


Researchers Uncover Serious Flaw in Handling of Extended Validation SSL by Popular Browsers

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name NewswireToday and LINK as the source.
 
  For more information, please visit:
Is this your article? Activate ALL web links by Upgrading to Press Release PREMIUM Plan Now!
|
Contact: Derek Kol 
818-681-9400 derek[.]derekkol.com
 
PRZOOM / PRTODAY - Newswire Today disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any Ventana Public Relations securities in any jurisdiction including any other companies listed or named in this release.

Fraud / Identity Theft / Piracy via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!


Read Latest Articles From Ventana Public Relations / Company Profile


Read Fraud / Identity Theft / Piracy Most Recent Related Newswires:

Group-IB Uncovers A Ramadan-related Scam Targeting Muslim Mobile Users Worldwide
Unitel Selects Subex for Protection Against Telecom Fraud
Ethio Telecom Selects HyperSense Fraud Management
Enterprise Security Concerns Drive Global Demand for Fraud Detection & Prevention Solutions Finds Frost & Sullivan
Fraud Prevention Strategies are Imperative Amid Rising eCommerce Transactions Notes Frost & Sullivan
Signifyd Named Market Leader by Frost & Sullivan for Dominating eCommerce Fraud Prevention with an Exceptional Consumer Experience
NAGRA NexGuard Forensic Watermarking Leverages AWS to Secure Pre-release and Early-release Content
Bitdefender Integrates MSP Security Suite with Datto RMM
Cybereason Announces its Newest Customer G-Star Raw
Bitdefender Finds New Attack Mechanism that Lets Cybercriminals Steal Private Data from Machines Using Intel Processors
Cybereason Briefs Several U.S. House and Senate Committees on the Massive State-Sponsored Espionage Campaign Against Critical Infrastructure Telcos
Bitdefender 2020 Consumer Line Shields Users from Privacy Invasion While Halting Online Threats
Bitdefender Delivers Proactive Attack Surface Reduction with Advanced Endpoint Risk Analytics
Bitdefender, Europol, Romanian and French Police, FBI Team Up for Fourth GandCrab Decryptor
IDology Named ‘Company of the Year’ in KNOW Identity Awards

Boost Your Social Network
& Crowdfunding Campaigns


LIFETIME SOCIAL MEDIA WALL
NewswireToday Celebrates 10 Years in Business


PREMIUM Members


Visit  JobsWare.com

Visit  NexGen Unlimited, LLC





 
  ©2005-2024 NewswireToday — Limelon Advertising, Co.
Home | About | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneurs newswire distribution prtoday.com newswiredistribution asianewstoday bizwiretoday USA pr UK today - NOT affiliated with PRNewswire as we declined their partnership offer in 2013
 
PRTODAY & NewswireTODAY are proudly NOT affiliated with USA TODAY (usatoday.com)