[BlueOnyx:17216] Re: 'FreakAttack' OpenSSL vulnerability?

Ralf Quint pcworxla at gmail.com
Thu Mar 5 16:31:07 -05 2015


On 3/4/2015 3:47 PM, Michael Stauber wrote:
> Hi Ralf,
>
>> http://it.slashdot.org/story/15/03/03/2036241/freak-attack-threatens-ssl-clients
> When the Crypto-Crisis began with the Snowden revelations we took a long
> and hard look at the encryption mechanisms in various BlueOnyx services
> - on all BlueOnyx versions past and present.
>
I asked because this is a bit more serious than it might appear at 
first. It has two sides that are possibly vulnerable, both the client 
side (web browser asking to use an outdated cipher suite) and the server 
side (like BlueOnyx, which might accept an outdated cipher suite for a 
"secure" connection). And going by the fact that in the list of web 
sites tested vulnerable are "high end" sites like americanexpress.com, 
bloomberg.com, businessinsider.com, groupon.com etc, I think it is 
better to be vigilant and check rather than just to assume that one 
isn't affected.
I am not as much concerned that any of those security agencies that you 
seem to have so much disdain for, are snooping around but this is 
something that crooks are going to try and exploit, specifically as a 
lot of "mythically" secure client systems (Apples anyone?) are among 
those affected and likely oblivious to the fact that their browser needs 
to be fixed...

Ralf
-- 
-- P.C.Worx * On-Site IT Services Phone: (323)744-1081 Mailing address: 
12021 Wilshire Blvd. #290, Los Angeles, CA 90025 www.pcworxla.com --
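
The server-side check argued for above, as an added example that is not part of the original message or of BlueOnyx: it parses `openssl ciphers -v` output for a service's cipher string and flags export-grade suites, separating out the RSA export key exchange that FREAK depends on. The sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v` on an
# OpenSSL 1.0.1-era host; not captured from a real BlueOnyx server.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
this line is not cipher output
"""

LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)(?P<export>\s+export)?\s*$"
)

def classify(line):
    """Return (suite_name, verdict) or None if the line is not cipher output."""
    m = LINE.match(line.strip())
    if not m:
        return None
    kx = m["kx"].partition("(")[0]          # "RSA(512)" -> "RSA"
    is_export = bool(m["export"]) or m["name"].startswith("EXP-")
    if is_export and kx == "RSA":
        verdict = "rsa-export"               # the key exchange FREAK relies on
    elif is_export:
        verdict = "other-export"             # still export-grade, disable too
    else:
        verdict = "ok"
    return m["name"], verdict

def audit(text):
    """Classify every non-empty line; keep unparsed lines for manual review."""
    results, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = classify(line)
        if parsed:
            results.append(parsed)
        else:
            unparsed.append(line)
    return results, unparsed

if __name__ == "__main__":
    found, skipped = audit(SAMPLE)
    for name, verdict in found:
        print(f"{verdict:13} {name}")
    print("unparsed:", skipped)
```

Feed it the output of `openssl ciphers -v` run with the cipher string taken from the service's own configuration; any `rsa-export` or `other-export` result means the string still admits export-grade suites.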
