SSL encryption hacked
stephen barncard
stephenREVOLUTION2 at barncard.com
Wed Sep 21 18:20:27 EDT 2011
So we're all screwed?
On 21 September 2011 14:12, Bob Sneidar <bobs at twft.com> wrote:
> "The fatal flaw making exploitation possible is the failure of JavaServer
> Faces to implement AES/DES encryption algorithms correctly. The scheme
> provides no way to sign the ciphertext or authenticate the block cipher
> mode."
>
> That says it all. Incorrect implementation of server software.
>
> Bob
>
>
Stephen Barncard
San Francisco Ca. USA
more about sqb <http://www.google.com/profiles/sbarncar>
More information about the use-livecode
mailing list