Follow Slashdot stories on Twitter


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - SSL Vulns Found in Critical Non-Browser Software (

Gunkerty Jeb writes: The death knell for SSL is getting louder.

Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages.

Serious security vulnerabilities were found in programs such as Amazon’s EC2 Java library, Amazon’s and PayPal’s merchant SDKs, Trillian and AIM instant messaging software, popular integrated shopping cart software packages, Chase mobile banking software, and several Android applications and libraries. SSL connections from these programs and many others are vulnerable to a man in the middle attack.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

SSL Vulns Found in Critical Non-Browser Software

Comments Filter:

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall