[arch-general] Heads up: If you are using SSLv2 turn it off immediately

P. A. López-Valencia vorbote at outlook.com
Thu Mar 3 15:15:58 UTC 2016

On jue, 2016-03-03 at 08:37 +0100, Nicolas F. wrote:
> On 01/03/16 23:23, P. A. López-Valencia wrote:
> > 
> > The vulnerability is so bad[1], it doesn't only have a CVE number, 
> > CVE-2016-0800[4], but a name and its own website: HTTPS
> > DROWN[1][2][3].
> Just as many other vulnerabilities these days, there is a marketing
> campaign behind them, probably to sell consultancy services.
> Anybody who's security-minded hasn't been using SSLv2 anyway.

In a perfect world, yes. But your assumption is not realistic. Not
everyone is following the latest news on infosec and it is not that
easy to disable on the server side. A reminder is always in order.

Pedro A. López-Valencia
Recession is when your neighbor loses his job. Depression is when you
lose yours. -Ronald Reagan

More information about the arch-general mailing list