SSL encryption hacked
bobs at twft.com
Wed Sep 21 17:12:24 EDT 2011
"The fatal flaw making exploitation possible is the failure of JavaServer Faces to implement AES/DES encryption algorithms correctly. The scheme provides no way to sign the ciphertext or authenticate the block cipher mode."
That says it all. Incorrect implementation of server software.
> I highly doubt that SSL was hacked, that is the encryption method itself. They probably back or side doored it.
> On Sep 21, 2011, at 4:09 AM, Claudi Cornaz wrote:
>> Hi all,
>> I came across this article and altough I don't know much about this I thought it might interest some of you.
>> Hackers break SSL encryption used by millions of sites
>> I don't know which version of SSL livecode server deploys, but apparently this might be something quite serious
>> and perhaps even a unique opportunaty for livecode server by being/becomming save.
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the Use-livecode