90% of popular SSL sites vulnerable to exploits, researchers find

Discussion in 'other security issues & news' started by lotuseclat79, Apr 27, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79
    Offline

    lotuseclat79 Registered Member

  2. BrandiCandi
    Offline

    BrandiCandi Guest

    Isn't that interesting?
  3. Wroll
    Offline

    Wroll Registered Member

    Nope, just normal business these days.
  4. Hungry Man
    Offline

    Hungry Man Registered Member

    Only the wrong patches. If servers forced TLS standards that aren't supported they would break for browsers that don't support them.
  5. chronomatic
    Offline

    chronomatic Registered Member

    I say to hell with all the people out there running IE 6. Either freaking upgrade or get left behind.

    Also. I would like to add that some of these researchers who carried out this study are literally the who's who in SSL:

    Taher Elgamal invented the Elgamal encryption algorithm which is used widely on the Internet. In other words, he is one of the foremost experts in the world on public-key encryption protocols.

    Basically, this study confirms what many of us have known for years -- SSL completely and utterly sucks. We need to redesign the system from scratch.
    Last edited: Apr 29, 2012
  6. funkydude
    Offline

    funkydude Registered Member

    IE6? You do realize we are STILL waiting for Firefox and Chrome to implement TLS 1.1 & 1.2, right? Websites won't implement something that all browsers can't use, and by the looks of it, Mozilla and Google won't implement something that websites aren't using. Nice loop.

    Not to mention the amount of misconfigured servers out there, which is why Microsoft has to turn off TLS 1.1 and 1.2 by default, and also why Google's recent attempt to speed up TLS failed. IE6 really is just a pin in a haystack of issues.
Thread Status:
Not open for further replies.