Results 1 to 4 of 4
  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    704
    Thanks
    11
    Thanked 68 Times in 53 Posts

    Can you trust the SSL protocols anymore?




    PATCH WATCH


    Can you trust the SSL protocols anymore?


    By Susan Bradley

    Hard on the heels of the counterfeit SSL certificates scandal comes a new SSL security threat.

    A recent ekoparty Security Conference in Argentina broke the news that encrypted SSL/TLS traffic is vulnerable to attack. But should we rush to install the workarounds?

    The full text of this column is posted at Windowssecrets.com/patch-watch/can-you-trust-the-SSL-protocols-anymore/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Sep 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Opera 11.51 currently supports TLS 1.1 and TLS 1.2, both of which are disabled by default.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Posts
    23
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Advice that this issue can be circumvented by using TLS1.1 or higher is misguided. Currently only 0.25% of web servers support TLS1.1 and a mere 0.02% TLS1.2, a situation that is unlikely to change soon. Hackers will have no problem finding secure sites that are vulnerable.... Opera has supported both protocols for several years, but it has been disabled by default as some of those few servers which did support it failed due to poor implementation on some servers.

    An excellent blog post on Opera's situation can be found at http://my.opera.com/securitygroup/bl...-ssl-tls-issue Opera is not itself vulnerable to the exploit but it can be exploited via a Java applet due to a vulnerability in Java outside Opera's responsibility.

  4. #4
    New Lounger
    Join Date
    Oct 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Is there a link to the "Regularly updated problem-patch chart" at the end of the column? Can the list be seen in its entirety?

    Seems like a very useful reference list for me (a Windows Server admin / patch admins for a midsize company with 1700+ desktops and servers).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •