Tuesday, September 17, 2013
Google's SSL/TSL is broken !
According to AlFardan, Bernstein, Paterson, Poettering and Schuldt (a
team from Royal Holloway, Eindhoven and UIC) the RC4 ciphersuite used in SSL/TLS is broken. If you choose to use it -- as do a ridiculous
number of major sites, including Google -- then it may be possible for a
dedicated attacker to recover your authentication cookies. The current
attack is just on the edge of feasibility, and could probably be
improved for specific applications.
___________________________
99% BAD HARDWARE WEEK: But some Google employees resisted
I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction. To quote from the article below: All SSL people will be under the sign of BEAST :::::)
___________________________
99% BAD HARDWARE WEEK: But some Google employees resisted
I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction. To quote from the article below: All SSL people will be under the sign of BEAST :::::)
THIS LINK posted by Joseph Bell : 10:47 PM
