News: Answers.com Selects C7 Data Centers for Data Protection and Security
News: NTT Com Boosts Japan-US Backbone Speed to 300Gbps
News: Bick Group Buys Blue Mountain Labs, Expands Cloud Computing Services
News: Pinnacle Cart to Debut PA DSS Complaint Release Next Week
News: Inside CloudLinux's New Linux-Based Cloud OS
(WEB HOST INDUSTRY REVIEW) -- An SSL flaw used to establish communications via the Internet could potentially have been exploited to break into individuals' Twitter (www.twitter.com) accounts, says an IBM security expert, according to a report by PC World.
In a demonstration conducted last week, Anil Kurmus showed how an SSL bug could be used to dupe Twitter users into sending "tweets" that include their account password.
In order to pull off the scam, hackers would need to launch a man-in-the-middle attack from inside the victim's network, making it difficult to impact a large number of Twitter members using this kind of tactic.
Twitter was able to patch the bug before anyone successfully pulled off the hack. However, security experts are concerned as to how many other websites might have a similar flaw.
A group of Internet companies has clamored to resolve the SSL bug since November 5, when the flaw went made public.
Security experts say that the bug may potentially affect Webmail applications, as well as other applications like databases.
Experts say that the Twitter website was vulnerable to the flaw because it uses client renegotiation under SSL, which lets the website request an SSL certificate from the Twitter user after he or she is already connected to the site.
And though the tool is beneficial in that it lets users log on using smart cards or allows sites to restrict access to a predetermined group of visitors, it also makes websites susceptible to SSL attacks.
Fortunately, many sites, such as Twitter, can disable client renegotiation.
 |
PREVIOUS: Most Firms Would "Love To Never Have To Buy Another Server Again": Survey | | | NEXT: New Jersey Man Indicted on Domain Theft Charges |  |
Read Back Issues of WHIR Magazine
October 2009 - Web Hosting's All Star Team
This has been, for us, one of the most interesting, exciting and challenging build-ups to an issue of the magazine yet, Web Hosting's All Star Team. The balloting process was our first experiment with a kind of user participation we're planning to do a lot more with in the months to come. We had thousands of ballots submitted, with hundreds of write-in suggestions and a demonstration of user engagement that has us feeling super positive about the project.
About This Issue | Read Digital Edition
July 2009 - What am I Worth?
One of the interesting luxuries of working on a project like the printed WHIR magazine is that it allows us to play with things like our point of view from one issue to the next. In recent months we've been giving added attention to the kind of practical and applicable advice aimed at smaller hosts and resellers. This issue carries on with that point of view, asking, in our cover story, "what am I worth?" It's a complicated question without a clear-cut answer.
About This Issue | Read Digital Edition
May 2009 - The Blueprint for a Small Web Host
I was a little surprised by how difficult it became to see this idea through. We set out to assemble a blueprint for a small hosting business, but butted up pretty quickly against the general impossibility of covering all the territory that was out there to be covered. The basic constraints of a printed magazine, and the less-than-infinite amount of time we had available forced us to face the fact that we could never produce an exhaustive guide to starting a hosting company.
About This Issue | Read Digital Edition
Comment anonymously or log into your WHIR account
Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.