[Cryptography] FREAK attack
Tom Mitchell
mitch at niftyegg.com
Wed Mar 4 16:13:51 EST 2015
On Wed, Mar 4, 2015 at 9:18 AM, Jerry Leichter <leichter at lrw.com> wrote:
> Latest attack on SSL, affecting some huge percentage of both servers and
> clients: https://freakattack.com/
>
More than anything MITM services at Starbucks, hotels, Lenovo Laptop s*&@$
should be squashed at all levels (moral and legal). This includes cell
phone Stingray
like attacks. If there are no laws we need to craft good ones.
Yes, less secure code modules should be purged from all code bases, ASAP.
At best they were there in the troubled old days where export control
regulations mandated weak codes.
At one time recording phone conversations in all cases required an
announcement
and a beep on the line. Stingray like tools used when a head of state or
other declared
emergency is in effect in the area should announce and in an emergency
should announce and
optionally limit air time on a shared commons. I say this because it is
unlikely
that these tools will go away so a question is how can they be used in
contrast to
how they can be abused </twocents>.
^) BTW: s*&@$ = "stuff"
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150304/7e0e9edd/attachment.html>
More information about the cryptography
mailing list