Discussion in 'other security issues & news' started by lotuseclat79, Apr 27, 2012.
90% of popular SSL sites vulnerable to exploits, researchers find.
Isn't that interesting?
Nope, just normal business these days.
Only the wrong patches. If servers forced TLS standards that aren't supported they would break for browsers that don't support them.
I say to hell with all the people out there running IE 6. Either freaking upgrade or get left behind.
Also. I would like to add that some of these researchers who carried out this study are literally the who's who in SSL:
Taher Elgamal invented the Elgamal encryption algorithm which is used widely on the Internet. In other words, he is one of the foremost experts in the world on public-key encryption protocols.
Basically, this study confirms what many of us have known for years -- SSL completely and utterly sucks. We need to redesign the system from scratch.
IE6? You do realize we are STILL waiting for Firefox and Chrome to implement TLS 1.1 & 1.2, right? Websites won't implement something that all browsers can't use, and by the looks of it, Mozilla and Google won't implement something that websites aren't using. Nice loop.
Not to mention the amount of misconfigured servers out there, which is why Microsoft has to turn off TLS 1.1 and 1.2 by default, and also why Google's recent attempt to speed up TLS failed. IE6 really is just a pin in a haystack of issues.