Researchers detail SSL implementation holes

A team of US researchers has revealed how the use of Secure Sockets Layer (SSL) in a large range of big ticket applications could allow for man-in-the-middle interception.

In a paper dubbed “The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software”, researchers from Stanford University and the University of Texas found vulnerabilities in how SSL was handled in Android, Amazon’s EC2 Java library and software development kit, and instant message clients Trillian and AIM.


Read more: Researchers detail SSL implementation holes

Story added 29. October 2012, content source with full text you can find at link above.