90% of popular SSL sites vulnerable to exploits, researchers find

Discussion in 'other security issues & news' started by lotuseclat79, Apr 27, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,562
  2. BrandiCandi

    BrandiCandi Guest

    Isn't that interesting?
     
  3. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    539
    Location:
    Italy
    Nope, just normal business these days.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,139
    Only the wrong patches. If servers forced TLS standards that aren't supported they would break for browsers that don't support them.
     
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I say to hell with all the people out there running IE 6. Either freaking upgrade or get left behind.

    Also. I would like to add that some of these researchers who carried out this study are literally the who's who in SSL:

    Taher Elgamal invented the Elgamal encryption algorithm which is used widely on the Internet. In other words, he is one of the foremost experts in the world on public-key encryption protocols.

    Basically, this study confirms what many of us have known for years -- SSL completely and utterly sucks. We need to redesign the system from scratch.
     
    Last edited: Apr 29, 2012
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,654
    IE6? You do realize we are STILL waiting for Firefox and Chrome to implement TLS 1.1 & 1.2, right? Websites won't implement something that all browsers can't use, and by the looks of it, Mozilla and Google won't implement something that websites aren't using. Nice loop.

    Not to mention the amount of misconfigured servers out there, which is why Microsoft has to turn off TLS 1.1 and 1.2 by default, and also why Google's recent attempt to speed up TLS failed. IE6 really is just a pin in a haystack of issues.
     
Thread Status:
Not open for further replies.