ha ha ha ha
/me cries
Oracle really has announced they are killing the Java browser plugin though.
So y'all ready for DROWN hysteria?
I honestly like the custom of assigning cutesy names to exploits. So much easier than trying to remember a CVE number or something! Still, it seems like it's just a matter of time before we get one named OMIGODWEREALLGONNADIE.
I haven't finished reading the paper yet, but so far it looks like if you've already got SSLv2 turned off on your systems (like you obviously should have) this DROWN vulnerability is a non-event.
Most browsers, for example, don't even support SSLv2 or only support it if you explicitly go turn it on (like a dumbass).
The problem seems to have resulted from people saying "I don't have to bother turning off SSLv2 in the server, it's already turned off in the browser".
But I've been turning it off in the servers for a coon's age. You'd think FIPS would be a stock item on the server security checklist at this point… but… well… see the title of this thread…
It's weird that there still are servers out there running SSLv2 (or at least the DROWN people make that claim). It's had known weaknesses for a decade or so, and is among the first things to turn off when you're setting up https.
In other computer security is shit fun… we are updating to Rational 8 right now. IT STILL REQUIRES AN ACCOUNT WITH LOCAL ADMIN ACCESS (and this is a domain account so it can talk to the license server and of course we can't have one for each user) to run the license broker so you can get license tokens. WTFF? (I just had to walk over to a desk and type in the password on a user's machine as they were installing a non-standard component that wanted that typed in again.) Also it isn't smart card aware (well, technically the fat client is 'cause it uses your cached login credentials). I have been using chip+pin log in for 10+ fucking years and IBM can't figure out how to integrate that with the Windows clients already? It is still "in the next version" but also the next version is where they are pushing everyone to the Eclipse/Web Client which even if you have stored Windows credentials on your machine you have to enter a userid/password and no way to insert a smart badge if you need a separate login.
Head>Desk.
Well who thought this was a good idea?
http://krebsonsecurity.com/2016/03/spammers-abusing-trust-in-us-gov-domains/
The kind of people willing to work for government pay?
This topic was automatically closed after 373 days. New replies are no longer allowed.