PR Log (Press Release) –
Nov 05, 2009 – (Seattle) Leviathan Security Group, Inc., a well respected security engineering consultancy working in concert with security researchers Marsh Ray and Steve Dispensa, The Internet Engineering Task Force (IETF) and several security vendors helped to mitigate vulnerabilities in both the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) of the Internet. TLS and SSL are commonly used by online retailers and banks to provide security for web transactions. These vulnerabilities represent a serious threat for many protocols built on SSL and TLS including HTTPS. SSL and TLS protocols are vulnerable to a related set of man-in-the-middle (MITM) attacks that allow an attacker to inject data into an authenticated stream without detection. These vulnerabilities allow an outsider to commandeer a legitimate user's browser session and impersonate that user.
Frank Heidt, CEO of Leviathan Security Group worked around the clock to explain and help coordinate the mitigation efforts of vendors and the IETF.
“We have worked tirelessly with the IETF, major vendors, and the Federal Government for months prior to the disclosure of the vulnerability. Our effort and that of our trusted partners in the security industry have been instrumental in handling the impact and implementing remediation,”
said Chad Thunberg, COO of Leviathan.
In-depth technical details regarding the vulnerability, impact, mitigation and tools to test vulnerability can be found at http://www.leviathansecurity.com/research.html#ssl
Leviathan is aggressively pursuing remediation strategies to assist customers with responding to and mitigating threats until the release of the revised protocol extension as a preliminary solution is available.
Leviathan brings more than 100 years of combined security expertise to bear on our customers' most challenging scenarios, and applies it via a collaborative, solutions-oriented delivery model. Our company’s foundation is its state-of-the-art practitioners and thought leaders in security assurance tools and techniques that proactively mitigate reputation and operational risks. Our expertise spans the entire lifecycle of information security, from program development and implementation, awareness and training, assessment and monitoring, to incident response and forensics.
Leviathan's technical acumen is unsurpassed, as demonstrated by our customers' loyalty, our extensive published research and our contributions to well-respected security community projects. Our unique capabilities drive scalable, technology-enhanced consulting services, integrated within a field-tested methodology for project management and quality assurance overseen by our executive team.
