[BlueOnyx:17216] Re: 'FreakAttack' OpenSSL vulnerability?
Ralf Quint
pcworxla at gmail.com
Thu Mar 5 16:31:07 -05 2015
On 3/4/2015 3:47 PM, Michael Stauber wrote:
> Hi Ralf,
>
>> http://it.slashdot.org/story/15/03/03/2036241/freak-attack-threatens-ssl-clients
> When the Crypto-Crisis began with the Snowden revelations we took a long
> and hard look at the encryption mechanisms in various BlueOnyx services
> - on all BlueOnyx versions past and present.
>
I asked because this is a bit more serious than it might appear at
first. It has two sides that are possibly vulnerable, both the client
side (web browser asking to use an outdated cipher suite) and the server
side (like BlueOnyx, which might accept an outdated cipher suite for a
"secure" connection). And going by the fact that in the list of web
sites tested vulnerable are "high end" sites like americanexpress.com,
bloomberg.com, businessinsider.com, groupon.com etc., I think it is
better to be vigilant and check rather than just to assume that one
isn't affected.

I am not as much concerned that any of those security agencies that you
seem to have so much disdain for are snooping around, but this is
something that crooks are going to try and exploit, specifically as a
lot of "mythically" secure client systems (Apples anyone?) are among
those affected and likely oblivious to the fact that their browser needs
to be fixed...
Ralf
--
-- P.C.Worx * On-Site IT Services Phone: (323)744-1081 Mailing address:
12021 Wilshire Blvd. #290, Los Angeles, CA 90025 www.pcworxla.com --
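A server-side check of the kind the message above argues for, as an added example that is not part of the original post or of BlueOnyx: it parses `openssl ciphers -v` output for a server's configured cipher string and flags export-grade suites, the outdated suites the FREAK attack depends on. The sample listing is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v` on
# OpenSSL 1.0.x-era builds (not output captured from a BlueOnyx server).
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")


def parse_ciphers_v(text):
    """Turn `openssl ciphers -v` lines into dicts of their fields."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line
        suite = {"name": parts[0], "protocol": parts[1],
                 "export": parts[-1] == "export"}
        suite.update({k.lower(): v for k, v in FIELD.findall(line)})
        suites.append(suite)
    return suites


def audit(text):
    """Classify each suite as 'rsa-export', 'export' or 'ok'."""
    report = {}
    for s in parse_ciphers_v(text):
        export = s["export"] or s["name"].startswith("EXP")
        if export and s.get("kx", "").startswith("RSA"):
            report[s["name"]] = "rsa-export"  # 512-bit RSA key exchange
        elif export:
            report[s["name"]] = "export"      # other export-grade suite
        else:
            report[s["name"]] = "ok"
    return report


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CIPHERS_V).items():
        print(f"{verdict:10} {name}")
```

Any suite reported as `rsa-export` or `export` should be excluded from the service's cipher string.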