(Seattle) Leviathan Security Group, Inc., a well respected security engineering consultancy working in concert with security researchers Marsh Ray and Steve Dispensa, The Internet Engineering Task Force (IETF) and several security vendors helped to mitigate vulnerabilities in both the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) of the Internet. TLS and SSL are commonly used by online retailers and banks to provide security for web transactions. These vulnerabilities represent a serious threat for many protocols built on SSL and TLS including HTTPS. SSL and TLS protocols are vulnerable to a related set of man-in-the-middle (MITM) attacks that allow an attacker to inject data into an authenticated stream without detection. These vulnerabilities allow an outsider to commandeer a legitimate user's browser session and impersonate that user.
Frank Heidt, CEO of Leviathan Security Group worked around the clock to explain and help coordinate the mitigation efforts of vendors and the IETF.
“We have worked tirelessly with the IETF, major vendors, and the Federal Government for months prior to the disclosure of the vulnerability. Our effort and that of our trusted partners in the security industry have been instrumental in handling the impact and implementing remediation,”
In-depth technical details regarding the vulnerability, impact, mitigation and tools to test vulnerability can be found at http://www.leviathansecurity.com/
Leviathan is aggressively pursuing remediation strategies to assist customers with responding to and mitigating threats until the release of the revised protocol extension as a preliminary solution is available.
