From: Dale <rdalek1967@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Heartbleed fix - question re: replacing self-signed certs with real ones
Date: Sun, 20 Apr 2014 13:36:52 -0500
Message-ID: <535413C4.6000605@gmail.com>
In-Reply-To: <201404201338.53817.michaelkintzios@gmail.com>
Mick wrote:
> On Sunday 20 Apr 2014 10:10:42 Dale wrote:
>> Mick wrote:
>
>>> SSL-Session:
>>> Protocol : TLSv1
>>> Cipher : RC4-MD5
>>>
>>> ======================================
>>>
>>> RC4 is considered completely broken today, even for Microsoft! :-)
>>>
>>> http://en.wikipedia.org/wiki/RC4
>>>
>>> The good news is that your bank's servers do not leak any secrets at
>>> this moment and it seems they never did (they use SUN servers).
>>
>> Yet. I would rather not be the next customer to have his ID stolen like
>> Target, I think the chain Micheal's was stolen in the past couple days
>> but not positive on that yet.
>>
>> That bank is not a small bank and I pay fees each month for them to be
>> able to keep their stuff updated. If they can't be bothered to keep it
>> updated and then turn around and give me a card that sucks, well, oh
>> well. < picture a thumbs up here >
>
> Just 1/3 of all websites offer TLSv1.2 at the moment and hardly any public
> sites offer it as an exclusive encryption protocol, because they would lock
> out most of their visitors. This is because most browsers do not yet support
> it. MSWindows 8.1 MSIE 11 now offers TLSv1.2 by default and has dropped the
> RC4 cipher (since November last year). I understand they are planning to drop
> SHA-1 next Christmas and have already dropped MD5 because of the Flame
> malware. This should push many websites to sort out their encryption and SSL
> certificates and move away from using RC4 and SHA1 or MD5. As I said, RC4 has
> been reverted to by many sites as an immediate if interim defence against the
> infamous BEAST and Lucky Thirteen attacks.
>
> According to the Netcraft SSL Survey (May 2013) only a third of all web
> servers out there offer Perfect Forward Secrecy to ensure that even if the
> encryption keys were to be compromised, previous communications cannot be
> retrospectively decrypted.
>
> Elliptic Curve algorithms are not yet included in many browsers and in any
> case the security of these in a post-Snowden world should be questionable
> (well, at least the arbitrarily specified NIST-NSA sponsored curves, which
> OpenSSL is heavily impregnated with).
>
> What I'm saying is that there may be no perfect banking website out there,
> because Internet security is screwed up at the moment, but it is always worth
> looking for a better bet.
>
Well, my bank only got a C for its grade. For what it costs every
month, it should get an A+. I don't have one of those free checking
accounts. I pay fees each month for mine. Plus I have already been
planning to switch ever since they switched my debit card from Visa to
Discover. I'm tired of finding something online or going into a
business to buy something and then finding out they don't take Discover.
It's just a matter of speed of switching that has changed.
Basically, just one more nail in the coffin.
Dale
:-) :-)
--
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!
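The SSL-Session block Mick quoted earlier in the thread (Protocol TLSv1, Cipher RC4-MD5) is the output of `openssl s_client`, and the points he raises (RC4 broken, MD5 dropped, TLSv1.2 adoption, forward secrecy) can be applied to that output mechanically. The script below is an added example for this archive page, not code posted by anyone in the gentoo-user thread; the two sample session summaries are constructed by hand, and the grading thresholds (F for a broken primitive, C for an old protocol or no PFS, A otherwise) are this example's own choice, not those of any particular rating service.

```python
"""Grade an `openssl s_client` SSL-Session summary against the criteria raised
in the thread: TLS version, RC4, MD5-based MACs and forward secrecy.

Added example (not from the gentoo-user thread). Both session texts below are
constructed samples; the first mirrors the shape of the output Mick quoted.
"""
import re

# Constructed sample: legacy server negotiating TLSv1 with RC4-MD5.
LEGACY_SESSION = """\
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 0123456789ABCDEF
"""

# Constructed sample: server negotiating an ECDHE AES-GCM suite under TLS 1.2.
MODERN_SESSION = """\
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: FEDCBA9876543210
"""

# Ordering of protocol names as printed by OpenSSL, oldest first.
PROTOCOL_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2,
                 "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}


def parse_session(text):
    """Pull the Protocol and Cipher fields out of an SSL-Session block."""
    fields = {}
    for key in ("Protocol", "Cipher"):
        m = re.search(r"^\s*%s\s*:\s*(\S+)" % key, text, re.MULTILINE)
        if m:
            fields[key.lower()] = m.group(1)
    return fields


def has_forward_secrecy(cipher):
    """Forward secrecy needs an ephemeral key exchange; OpenSSL names those
    suites with an ECDHE-, DHE- or EDH- prefix."""
    return cipher.startswith(("ECDHE-", "DHE-", "EDH-"))


def grade_session(text):
    """Return (grade, findings) for one s_client session summary.

    OpenSSL prints 'Cipher : 0000' when no cipher was negotiated, so that
    case is reported as a failed handshake rather than graded on ciphers.
    """
    session = parse_session(text)
    proto = session.get("protocol", "")
    cipher = session.get("cipher", "")
    if cipher in ("", "0000"):
        return "F", ["no cipher negotiated (handshake failed or output truncated)"]

    findings = []
    if PROTOCOL_RANK.get(proto, 0) < PROTOCOL_RANK["TLSv1.2"]:
        findings.append("protocol %s: TLS 1.2 not negotiated" % (proto or "unknown"))
    uses_rc4 = "RC4" in cipher
    uses_md5 = cipher.endswith("-MD5")
    if uses_rc4:
        findings.append("cipher %s: RC4 stream cipher (broken)" % cipher)
    if uses_md5:
        findings.append("cipher %s: MD5-based MAC" % cipher)
    if not has_forward_secrecy(cipher):
        findings.append("cipher %s: static key exchange, no forward secrecy" % cipher)

    if uses_rc4 or uses_md5:
        grade = "F"          # a broken primitive is disqualifying on its own
    elif findings:
        grade = "C"          # old protocol and/or no PFS, but nothing broken
    else:
        grade = "A"
    return grade, findings


if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_SESSION), ("modern", MODERN_SESSION)):
        grade, findings = grade_session(sample)
        print("%s: %s" % (name, grade))
        for f in findings:
            print("  - " + f)
```

To grade a live server, capture the summary the same way the thread did, e.g. `openssl s_client -connect bank.example:443 -servername bank.example </dev/null 2>/dev/null`, and pass the output to `grade_session`. Note that a single handshake only shows the suite the client and server agreed on; a server that still *accepts* RC4 for older clients will not be caught unless you also probe with `-cipher RC4` or restrict the protocol with `-tls1`.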