Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.

New Vuln , Get yer Freak on ! SSL/TLS heaven.

Comments

  • #2
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    SSL is dead so whats next , the vulnerabilities are popping up way to often for this old outdated platform ??


  • #3
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    Hands up Microsoft , Oh dear .
    https://technet.microsoft.com/en-us/library/security/3046015


  • #4
    Hotblack Desiato
    Registered Users, Registered Users 2, Paid Member Posts: 38,456 ✭✭✭✭Hotblack Desiato


    Moral of the story is don't offer 20+ year old weak-ass encryption protocols on your server, and don't accept them on your client. Encryption is always a moving target, don't be the guy standing still for 20 years.

    I'm partial to your abracadabra,

    I'm raptured by the joy of it all.



  • #5
    fcerullo
    Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    hi there,

    I wrote a small piece on the FREAK vulnerability.

    http://www.cycubix.com/?p=258

    It seems majority of vendors published patches for their systems at this stage.

    The only exception is Cisco that still has a long list of vulnerable apps:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

    Fabio


  • #6
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    Yup most vendors Have now issued patches , thing is we all know that there are thousands out there that will not implement them. Here in trend micro we came up with intrusion prevention blocks on these before the vendors did themselves. :-) (And often still come up with 0 day blocks on new and emerging vulnerabilities.)

    No china or USA here .........


  • Advertisement
Advertisement