[arch-general] Heads up: If you are using SSLv2 turn it off immediately
P. A. López-Valencia
vorbote at outlook.com
Thu Mar 3 15:15:58 UTC 2016
On jue, 2016-03-03 at 08:37 +0100, Nicolas F. wrote:
> On 01/03/16 23:23, P. A. López-Valencia wrote:
> >
> > The vulnerability is so bad[1], it doesn't only have a CVE number,
> > CVE-2016-0800[4], but a name and its own website: HTTPS
> > DROWN[1][2][3].
> Just as many other vulnerabilities these days, there is a marketing
> campaign behind them, probably to sell consultancy services.
>
> Anybody who's security-minded hasn't been using SSLv2 anyway.
>
>
In a perfect world, yes. But your assumption is not realistic. Not
everyone is following the latest news on infosec and it is not that
easy to disable on the server side. A reminder is always in order.
--
Pedro A. López-Valencia
http://about.me/palopezv
Recession is when your neighbor loses his job. Depression is when you
lose yours. -Ronald Reagan
More information about the arch-general
mailing list