lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <2BF9C051-9C1B-454A-93BC-C9474599D6D0@gmail.com>
Date: Tue, 25 Oct 2011 19:30:00 -0400
From: William Reyor <opticfiber@...il.com>
To: Darren McDonald <darren@...donald.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	information security <informationhacker08@...il.com>
Subject: Re: Microsoft Outlook Web Access Session
	sidejacking/Session Replay Vulnerability

How would a remote attacker be able to read my systems memory?

On Oct 25, 2011, at 7:28 PM, Darren McDonald <darren@...donald.net> wrote:

> On 25 October 2011 23:36, William Reyor <opticfiber@...il.com> wrote:
>> Still possible when ssl connections are enforced?
>> 
> 
> Yes, because if an attacker is able read your system's memory then
> they will be able to decrypt your SSL traffic by using your symmetric
> encryption keys. I call this the encryption key sidejacking attack.
> 
> Renski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ