Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, April 30, 2004

A technical description of the SSL PCT vulnerability

A technical description of the SSL PCT vulnerabilityThere has been public discussions about the exploitation of the SSL PCT vulnerability.


Exploit code was made publicly available (THCIISLame.c) and rumors of a potential worm that uses the vulnerability as an attack vector are spreading the security news.  This is an analysis of the vulnerability and the method of exploitation.

More info:

Posted on 04/30