13-year-old SSL/TLS Weakness Exposing Sensitive Data in Plain Text http://thehackernews.com/2015/03/rc4-ssl-tls-security.html
On Tue, Mar 17, 2015 at 5:08 PM, someone <thisistheone8...@gmail.com> wrote: > How much do we bet in $$$ that March 19. will be an RC4 related security > bug? > > On Sat, Mar 7, 2015 at 3:33 PM, Stuart Henderson <s...@spacehopper.org> > wrote: > >> (ridiculous formatting adjusted) >> >> On 2015-03-06, someone <thisistheone8...@gmail.com> wrote: >> > SUGGEST> THE> WORLD> TO> ONLY> USE> PERFECT> FORWARD> SECRECY> AND> >> > REMOVE> ALL> THE> WEAK> CIPHERS> IN> LIBRESSL> AND> OPENSSL! > >> >> There is still not widespread support for PFS. Some of this is probably >> due to use of old software for whatever reason (slackness? not wanting to >> change something which has been tested?), some will be due to sites not >> wishing to increase CPU use (which PFS does). >> >> I just tried a handful of online banking sites in the qualys checker. >> Only *one* of the ones I tried (nice job triodos) supports PFS at all.
