Author Topic: Hackers break SSL encryption used by millions of sites (Read 850 times)

Duke McDukiedook · « **on:** September 23, 2011, 09:54:31 AM »

Holy poop, not good news.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

tramp · « **Reply #1 on:** September 24, 2011, 06:46:52 AM »

another reason to get off the web

CBGhia · « **Reply #2 on:** September 24, 2011, 10:42:45 AM »

They already have the fix. Upgrade the SSL certs and there is no problem. The only issue with that is that IE 6 will no longer work, old versions of Firefox and Safari will not work either. AOL browsers will mostly be broken and Web TV is screwed (yes, people still use that POS). We just did this at my company (I do tech support for a brokerage firm). We have had a lot of complaints from old browser users. I just have to tell them that we can keep it the same, but then how would they feel when someone took everything from their account.

Oh, and Old BlackBerrys and Android devices running 2.1 or earlier cannot use the higher level of encryption.

Duke McDukiedook · « **Reply #3 on:** September 24, 2011, 01:38:12 PM »

Yeah, I guess people don't want to change to newer versions unless the proverbial gun is pointed at their heads. More work for the IT kids on top of installing some crap for some manager.

DavePhipps · « **Reply #4 on:** September 24, 2011, 05:13:54 PM »

I sent this on to my network admin and project manager. I hope they act on it.

RustyStuff · « **Reply #5 on:** September 29, 2011, 03:11:26 PM »

Dammit.

lucky · « **Reply #6 on:** September 29, 2011, 03:50:17 PM »

Quote from: CBGhia on September 24, 2011, 10:42:45 AM

They already have the fix. Upgrade the SSL certs and there is no problem. The only issue with that is that IE 6 will no longer work, old versions of Firefox and Safari will not work either. AOL browsers will mostly be broken and Web TV is screwed (yes, people still use that POS). We just did this at my company (I do tech support for a brokerage firm). We have had a lot of complaints from old browser users. I just have to tell them that we can keep it the same, but then how would they feel when someone took everything from their account.

Oh, and Old BlackBerrys and Android devices running 2.1 or earlier cannot use the higher level of encryption.

SSL Certs, encryption,2.1 blah,blah blah....Just get a MAC and you will never have to hear any of this mumbo jumbo again.

I never know WHAT you IBM people are talking about.

RustyStuff · « **Reply #7 on:** September 29, 2011, 03:54:18 PM »

Quote from: lucky on September 29, 2011, 03:50:17 PM

Quote from: CBGhia on September 24, 2011, 10:42:45 AM
They already have the fix. Upgrade the SSL certs and there is no problem. The only issue with that is that IE 6 will no longer work, old versions of Firefox and Safari will not work either. AOL browsers will mostly be broken and Web TV is screwed (yes, people still use that POS). We just did this at my company (I do tech support for a brokerage firm). We have had a lot of complaints from old browser users. I just have to tell them that we can keep it the same, but then how would they feel when someone took everything from their account.

Oh, and Old BlackBerrys and Android devices running 2.1 or earlier cannot use the higher level of encryption.

SSL Certs, encryption,2.1 blah,blah blah....Just get a MAC and you will never have to hear any of this mumbo jumbo again.

I never know WHAT you IBM people are talking about.

Some of us poor people can't afford to sign away our first born for a Mac.
I can't even afford a new PC.

Duke McDukiedook · « **Reply #8 on:** September 29, 2011, 04:28:48 PM »

Sorry man, I can't put it in simpler terms for drooling, mouthbreathing apple fanboys to understand.

CBGhia · « **Reply #9 on:** September 30, 2011, 04:23:05 AM »

Quote from: lucky on September 29, 2011, 03:50:17 PM

Quote from: CBGhia on September 24, 2011, 10:42:45 AM
They already have the fix. Upgrade the SSL certs and there is no problem. The only issue with that is that IE 6 will no longer work, old versions of Firefox and Safari will not work either. AOL browsers will mostly be broken and Web TV is screwed (yes, people still use that POS). We just did this at my company (I do tech support for a brokerage firm). We have had a lot of complaints from old browser users. I just have to tell them that we can keep it the same, but then how would they feel when someone took everything from their account.

Oh, and Old BlackBerrys and Android devices running 2.1 or earlier cannot use the higher level of encryption.

SSL Certs, encryption,2.1 blah,blah blah....Just get a MAC and you will never have to hear any of this mumbo jumbo again.

I never know WHAT you IBM people are talking about.

You do realize that SSL encryption does not care what type of operating system you use, right? They can steal data just as easily on a mac, easier really, if you use Safari. That is one of the worst browsers on earth for security, use Firefox or Chrome.

Older browsers like Safari 4 or IE 6 cannot handle the upgraded encryption level of the new SSL cert. I have an older mac. it can't use our new cert. I can "trust" the certificate, but Safari can't identify it.

The reality is, Macs are good computers, but if you are getting one because you want something easier to use, don't. If you want something that will never get a virus, don't. If you want something to process boat loads of video, OK. If you want to look like a hipster elitist, Perfect!

Artf0rm · « **Reply #10 on:** September 30, 2011, 07:04:59 AM »

Quote

You do realize that SSL encryption does not care what type of operating system you use, right? They can steal data just as easily on a mac, easier really, if you use Safari. That is one of the worst browsers on earth for security, use Firefox or Chrome.

Older browsers like Safari 4 or IE 6 cannot handle the upgraded encryption level of the new SSL cert. I have an older mac. it can't use our new cert. I can "trust" the certificate, but Safari can't identify it.

The reality is, Macs are good computers, but if you are getting one because you want something easier to use, don't. If you want something that will never get a virus, don't. If you want something to process boat loads of video, OK. If you want to look like a hipster elitist, Perfect!

Don't help the hipsters, CBGhia. I totally want access to whatever bank account their trust fund is stored in... I think it really comes down to the internet being like magic to most people. Asymmetric encryption or digitally signed and encrypted enveloping is only as good as the math behind it. Eventually the hardware crunching power catches up with the math and the nerds have to get back in the lab. Most people aren't aware of any of that because when they use their one button mouse to pilot their little white box to the store on the interwebs to buy DRM music with their credit card connected to an account where their password is (Iloveskinnyjeans!) they don't understand that you can use that info to, oh I don't know... make large donations to organizations to the terrorist watch list for the purpose of having them get "special treatment" in the Security line at the airport or simply buy a boat.

SOHC/4 Owners Club Forums

News:

Author Topic: Hackers break SSL encryption used by millions of sites (Read 850 times)

Duke McDukiedook

Hackers break SSL encryption used by millions of sites

tramp

Re: Hackers break SSL encryption used by millions of sites

CBGhia

Re: Hackers break SSL encryption used by millions of sites

Duke McDukiedook

Re: Hackers break SSL encryption used by millions of sites

DavePhipps

Re: Hackers break SSL encryption used by millions of sites

RustyStuff

Re: Hackers break SSL encryption used by millions of sites

lucky

Re: Hackers break SSL encryption used by millions of sites

RustyStuff

Re: Hackers break SSL encryption used by millions of sites

Duke McDukiedook

Re: Hackers break SSL encryption used by millions of sites

CBGhia

Re: Hackers break SSL encryption used by millions of sites

Artf0rm

Re: Hackers break SSL encryption used by millions of sites