| |
Driving Excellence and Innovation in Security Response
ICASI intends to be a trusted forum for addressing international, multi-product security challenges. This trusted forum extends
the ability of information technology vendors to proactively address complex security issues and better protect enterprises, governments, and citizens,
and the critical IT infrastructures that support them. ICASI shares the results of its work with the IT industry through papers and other media.
A New Generation of Internet Security Challenges
Several trends are contributing to a rapidly evolving threat landscape, thereby presenting new challenges across the global IT infrastructure.
- Attacks are increasing in their sophistication and complexity. In the matter of a few years, attacks promulgated via the Internet have
rapidly evolved from disruptive worms and large scale viruses that were common between 1999 and 2003. Today's attacks, more complex and often
difficult to detect, can target specific classes of users, even specific users, and gain access to and cause harm to valuable data.
- The Internet is expected to continue growing at a tremendous rate. The number of users, the amount of IT infrastructure, and the number
of activities and services that are migrating online are expected to effectively double the size of the Internet over the coming years.
- The world economy and societies are becoming increasingly globalized. The IT infrastructure, its components, and its users increasingly
originate from all corners of the world.
All of these trends result in exponential increases in complexity and interdependence that drive a need for a new generation of security
response and engineering. The Industry Consortium for Advancement of Security on the Internet (ICASI) was conceived to proactively address this need.
|
| |
NEWS UPDATES |
|
ALERTS & ADVISORIES |
Nov. 5, 2009 — The Industry Consortium for the Advancement of Security on the Internet (ICASI) was approached several weeks ago by PhoneFactor regarding vulnerabilities affecting most major implementations of the Transport Layer Security (TLS) protocol, supporting the Secure Sockets Layer (SSL) protocol. Since that time, ICASI has been working with other IT vendors, representatives from Industry standards bodies (IETF), and developers within the open source community to understand the impact and help propose potential fixes along with mitigations that can be used to protect services impacted by this vulnerability.
ICASI continues to work with coordination bodies and other vendors to mitigate these vulnerabilities.
For press inquiries, contact: Ruth Cassidy, rcassidy@virtualmgmt.com.
For information on participating in ICASI technical discussions regarding this issue, contact: usirp_chair@icasi.org.
|
November 11, 2009
ICASI Advisory
Transport Layer Security (TLS) Man-In-The-Middle (MITM) Vulnerability
|
|
|
|
