Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for web transactions. Ray explained in a blog post on Thursday that he had initially discovered the flaw in August, and demonstrated a working exploit to Dispensa at the beginning of September. This vulnerability could impact any Cisco product that uses any version of TLS and SSL.

Surfing the web, I have found a nice article about BGP weakness. This document, entitled “Defending Against BGP Man-In-The-Middle Attacks“, was presented by Earl Zmijewski during Black Hat DC 2009 (Hyatt Regency Crystal City – February 16-17 – Arlington, Virginia). The slides focus on four points: BGP Routing Basics – Enough to understand and identify the threat BGP Update Messages BGP Attributes Some real examples The Man-In-The-Middle Attack: How BGP MiTM attack work What are the techniques used by an attacker to “tune” the attack (Obscuring the MITM attack with TTL adjustment) Detecting the Attack – Methods for observing the attack [...]