22 February 2014, 19:34 | #1 |
Registered User
Join Date: Feb 2008
Location: RNO
Posts: 1,006
|
Amiga SSL Vulnerabilities
Harry "Piru" Sintonen reveals security issues on Amiga SSL implementations.
Critical vulnerabilities are found from IBrowse, SimpleMail and other programs. Read more at https://sintonen.fi/advisories/amiga...rabilities.txt |
23 February 2014, 09:35 | #2 |
Coder/webmaster/gamer
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 2,631
|
Maybe I'm not understanding him, but it seems his issue is that AWeb etc. permit you to use a weak (meaning: less computationally expensive) encryption if you want to? I don't see how that is a problem...it's like saying Firefox or whatever allow you to use HTTP if you want, instead of forcing you to use HTTPS?
|
24 February 2014, 04:00 | #3 |
Registered User
Join Date: Jan 2004
Location: Toronto / Canada
Posts: 65
|
It's a standard security problem. It's not the client choosing the downgrade. An active attacker on the network (between the client and the server) can force the client to downgrade to a protocol / cipher suite that is unacceptably weak.
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
|
|