New Vuln , Get yer Freak on ! SSL/TLS heaven.

dbit

http://thehackernews.com/2015/03/freak-openssl-vulnerability.html

dbit

SSL is dead so whats next , the vulnerabilities are popping up way to often for this old outdated platform ??

dbit

Hands up Microsoft , Oh dear .
https://technet.microsoft.com/en-us/library/security/3046015

Hotblack Desiato

Moral of the story is don't offer 20+ year old weak-ass encryption protocols on your server, and don't accept them on your client. Encryption is always a moving target, don't be the guy standing still for 20 years.

fcerullo

hi there,

I wrote a small piece on the FREAK vulnerability.

http://www.cycubix.com/?p=258

It seems majority of vendors published patches for their systems at this stage.

The only exception is Cisco that still has a long list of vulnerable apps:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

Fabio

dbit

Yup most vendors Have now issued patches , thing is we all know that there are thousands out there that will not implement them. Here in trend micro we came up with intrusion prevention blocks on these before the vendors did themselves. :-) (And often still come up with 0 day blocks on new and emerging vulnerabilities.)

No china or USA here .........