SSL encryption hacked

stephen barncard stephenREVOLUTION2 at barncard.com
Wed Sep 21 17:20:27 CDT 2011


So we're all screwed?


On 21 September 2011 14:12, Bob Sneidar <bobs at twft.com> wrote:

> "The fatal flaw making exploitation possible is the failure of JavaServer
> Faces to implement AES/DES encryption algorithms correctly. The scheme
> provides no way to sign the ciphertext or authenticate the block cipher
> mode."
>
> That says it all. Incorrect implementation of server software.
>
> Bob
>
>
Stephen Barncard
San Francisco Ca. USA

more about sqb  <http://www.google.com/profiles/sbarncar>


More information about the use-livecode mailing list