English Amiga Board

Go Back   English Amiga Board > News

Thread Tools
Old 22 February 2014, 19:34   #1
Registered User
jPV's Avatar
Join Date: Feb 2008
Location: RNO
Posts: 574
Amiga SSL Vulnerabilities

Harry "Piru" Sintonen reveals security issues on Amiga SSL implementations.
Critical vulnerabilities are found from IBrowse, SimpleMail and other programs.

Read more at https://sintonen.fi/advisories/amiga...rabilities.txt
jPV is offline  
AdSense AdSense  
Old 23 February 2014, 09:35   #2
Minuous's Avatar
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 1,753
Maybe I'm not understanding him, but it seems his issue is that AWeb etc. permit you to use a weak (meaning: less computationally expensive) encryption if you want to? I don't see how that is a problem...it's like saying Firefox or whatever allow you to use HTTP if you want, instead of forcing you to use HTTPS?
Minuous is offline  
Old 24 February 2014, 04:00   #3
Registered User
Join Date: Jan 2004
Location: Toronto / Canada
Posts: 65
It's a standard security problem. It's not the client choosing the downgrade. An active attacker on the network (between the client and the server) can force the client to downgrade to a protocol / cipher suite that is unacceptably weak.
poohbear is offline  
AdSense AdSense  

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 19:55.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Page generated in 0.07757 seconds with 11 queries