Thread: Linux flaw also affects Android/Sailfish devices
View Single Post
juiceme is offline juiceme
2016-08-17 , 07:56
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#11
Originally Posted by nieldk View Post
Not exactly so, this attack, while not 'easy' still, does enables attacking (downgrading) SSL connections.
It has been possible for some years, by MiTM attacks, the situation now however is it is no longer needed to be on the same network (MiTM), you do however, need to know IP adress of both targets. (Victim and server).
Yes, in theory. And it is a very thin theory indeed.
I have yet to see that attack succeed in real-life situations. It basically can only work against https connections and requires that the server side has fairly outdated configuration.
For ssh, good luck trying!
 

The Following User Says Thank You to juiceme For This Useful Post: