SSL encryption hacked
Bob Sneidar
bobs at twft.com
Wed Sep 21 17:12:24 EDT 2011
"The fatal flaw making exploitation possible is the failure of JavaServer Faces to implement AES/DES encryption algorithms correctly. The scheme provides no way to sign the ciphertext or authenticate the block cipher mode."
That says it all. Incorrect implementation of server software.
Bob
> I highly doubt that SSL was hacked, that is the encryption method itself. They probably back or side doored it.
>
> Bob
>
>
> On Sep 21, 2011, at 4:09 AM, Claudi Cornaz wrote:
>
>> Hi all,
>>
>> I came across this article and altough I don't know much about this I thought it might interest some of you.
>> Hackers break SSL encryption used by millions of sites
>>
>> I don't know which version of SSL livecode server deploys, but apparently this might be something quite serious
>> and perhaps even a unique opportunaty for livecode server by being/becomming save.
>>
>> Claudi
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
More information about the use-livecode
mailing list