| By Lori MacVittie |
Article Rating: |
|
| November 6, 2009 03:30 PM EST |
|
|
Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed.
Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our own DevCentral members was out implementing a solution.
No, he’s not a vendor with a product to worry about, he’s just a “guy” trying to defend his web site and applications from potential attacks like this one. But he’s a guy with network-side scripting in his arsenal of web application security tools, and with that and his understanding of the very well-documented vulnerability he crafted a solution.
Colin documents the iRule that addresses this vulnerability in his 20LoL post for the week, and so I won’t repost the code. You can also view the forum thread [registration required] in which “Lupo” describes and discusses the solution.
What I love about this solution is not necessarily that it solves a particular vulnerability. That’s awesome, of course, and a great thing but in the coming weeks and months we’ll see a lot of solutions that address this particular vulnerability. What I really love about this solution is the speed with which it was implemented. The vulnerability was disclosed yesterday and Lupo had a solution today, which he generously shared with thousands of others who can immediately put into use the same solution.
A lot of folks talk about agility and how solution X or Y enables organizations to respond rapidly to changing market/business conditions, but rarely do you see as solid an example as this one. From disclosure to solution in one day. That’s agility in action.
Technorati Tags:
MacVittie,
F5,
application security,
security,
TLS,
SSL,
man in the middle,
marsh ray,
vulnerability,
network-side scripting,
iRules,
solutionRelated blogs & articles:
Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.
