SSL encryption hacked

Bob Sneidar bobs at twft.com
Wed Sep 21 17:12:24 EDT 2011


"The fatal flaw making exploitation possible is the failure of JavaServer Faces to implement AES/DES encryption algorithms correctly. The scheme provides no way to sign the ciphertext or authenticate the block cipher mode."

That says it all. Incorrect implementation of server software. 

Bob


> I highly doubt that SSL was hacked, that is the encryption method itself. They probably back or side doored it. 
> 
> Bob
> 
> 
> On Sep 21, 2011, at 4:09 AM, Claudi Cornaz wrote:
> 
>> Hi all,
>> 
>> I came across this article and altough I don't know much about this I thought it might interest some of you.
>> Hackers break SSL encryption used by millions of sites 
>> 
>> I don't know which version of SSL livecode server deploys, but apparently this might be something quite serious
>> and perhaps even a unique opportunaty for livecode server by being/becomming save.
>> 
>> Claudi
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 




More information about the use-livecode mailing list