Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

New Vuln , Get yer Freak on ! SSL/TLS heaven.

Comments

  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    SSL is dead so whats next , the vulnerabilities are popping up way to often for this old outdated platform ??


  • Closed Accounts Posts: 1,322 ✭✭✭dbit




  • Registered Users, Registered Users 2 Posts: 36,517 ✭✭✭✭Hotblack Desiato


    Moral of the story is don't offer 20+ year old weak-ass encryption protocols on your server, and don't accept them on your client. Encryption is always a moving target, don't be the guy standing still for 20 years.

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    hi there,

    I wrote a small piece on the FREAK vulnerability.

    http://www.cycubix.com/?p=258

    It seems majority of vendors published patches for their systems at this stage.

    The only exception is Cisco that still has a long list of vulnerable apps:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

    Fabio


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Yup most vendors Have now issued patches , thing is we all know that there are thousands out there that will not implement them. Here in trend micro we came up with intrusion prevention blocks on these before the vendors did themselves. :-) (And often still come up with 0 day blocks on new and emerging vulnerabilities.)

    No china or USA here .........


  • Advertisement
Advertisement