Wednesday, April 16, 2014

Internet of NSA things: OpenSSL is not the only case

PolarSSL still uses Intel's weakened random generator.
99% BAD HARDWARE WEEK: And it is used in some 25 system files.
CTR_DRBG based on AES-256 (NIST SP 800-90). As you know, PolarSSL is intended for embedded and IoT connected things, with the minimum complete TLS stack requiring under 60KB of program space and under 64KB of RAM!

LATEST: Heartbleed exploits have begun. Even a 19-year-old could do it, so why not the NSA?
Luckily, the latest impact report from the National Cyber Awareness System finds that, thank the gods, clay tablets are not impacted at all!

CVSS Severity (version 2.0): CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity (Required attack complexity): Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

