I know we discourage cross-posting between forum sections, but I beg your indulgence, because I know more folks read MD than read the security forum. I mentioned this post, and a senior member here expressed shock that (1) Nokia would do this and (2) that the notice was missed.
For the past 15+ years, we have been teaching consumers that when we build systems using HTTPS (aka TLS/SSL) we have made it secure. Or at least secure enough for sensitive things like accessing your bank account, brokerage, or doing online shopping where real money transfers.
The security folks have long suspected that some smartphone technologies break this agreement. They proxy the traffic through a vendor-specific server and then reformat, compress, and otherwise "make better" the communications. What this really is, no matter what the marketing words say, is an explicit Man In The Middle (MITM) attack. It reflects a fundamental weakness in all RSA encrypted communications, exactly what we use in HTTPS and SSL, SSH, etc.
Point taken about the respective quantities of readership in both forums. But I'll close this topic so that any follow-up discussion (which I've just started) can happen in the Security forum - which is the proper place for that.
subject: Nokia admits to implementing a Man-In-The-Middle flaw in HTTPS