Apple plans to release fix for 'Freak' security bug next week



Wow, twenty years later, bad policy is still causing problems.


The object of my wrath is rather different from Tim Minchin’s, but the sentiment is identical.

Warning: strong language, NSFW, etc.


This page has far better information on this than the news media http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

Apparently it affects anything using OpenSSL or Apple Secure Transport. That means Safari on desktop was affected, and so were these browsers that use OpenSSL (i.e. Chrome for Android and others): http://security.stackexchange.com/questions/59184/which-browsers-are-using-openssl


The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker “export-grade” products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year.   –Washington Post

Oh, shipping bad product is certainly nothing that reflects poorly on insanely wealthy companies reaping massive profits without providing infallible security, and in fact it’s clearly and definitely and entirely the fault of the US government… for having a bad policy that they got rid of a decade ago.

Someone left the cake out in the rain
I don’t think that I can take it
'Cause it took so long to bake it
And I’ll never have that recipe again
Oh noooooo, o-oh no-ooooo

Seems quite normal by US standards esp. when it’s foreign affairs related.

Remember this 9/11 thing and this silly Osama guy with his Al Qaida and Taliban friends … oops another 20 year old gaffe at the time


That’s what you get for obeying the law.

Back in the late '90s, as a young cypherpunk, my systems, both personal (mine and some friends’) and at my job, ran on non-export versions of the DLLs. Similar for the servers. Having a web host on a US-based server of course helped a great deal in obtaining downloads from servers that did geolocation checking; just wget it from the US and then ftp it home.

Fuck the export restrictions and the high horse they rode on in.

Disabling the export cipher suites is generally a good idea. If you patch the systems to log the cipher negotiated (or just enable it in the config if natively able), grepping the logs will tell you how big a proportion of users you will affect negatively.

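The measurement the post above describes, as an added example that is not part of the original thread: it assumes the web server already logs the negotiated protocol and cipher suite (nginx can do this natively with `$ssl_protocol` and `$ssl_cipher` in a `log_format`; the log layout, the sample lines and the cipher names below are constructed for illustration). Export-grade suites are recognised by the `EXP-` / `EXP1024-` prefix OpenSSL gives them, and the report also breaks the export-suite requests down by User-Agent so you can see which clients would break once those suites are switched off.

```python
"""Measure how many logged TLS requests negotiated an export-grade cipher suite.

Constructed example. Assumes an nginx log_format of the shape:

    log_format tls '$remote_addr [$time_local] "$request" $status '
                   '"$http_user_agent" $ssl_protocol/$ssl_cipher';

Plain-HTTP requests then log "-/-" in the last field and are skipped.
Cipher names are OpenSSL-style; export suites are prefixed EXP- or EXP1024-.
"""
import re
from collections import Counter

# Constructed sample log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 [04/Mar/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0" TLSv1.2/ECDHE-RSA-AES128-GCM-SHA256
203.0.113.6 [04/Mar/2015:10:01:03 +0000] "GET /a HTTP/1.1" 200 "Mozilla/5.0" TLSv1/AES256-SHA
198.51.100.7 [04/Mar/2015:10:01:04 +0000] "GET /b HTTP/1.1" 200 "OldClient/1.0" SSLv3/EXP-RC4-MD5
198.51.100.8 [04/Mar/2015:10:01:05 +0000] "GET /c HTTP/1.1" 200 "Mozilla/5.0" TLSv1.2/ECDHE-RSA-AES128-GCM-SHA256
198.51.100.9 [04/Mar/2015:10:01:06 +0000] "GET /d HTTP/1.1" 200 "Mozilla/5.0" TLSv1/EXP1024-RC4-SHA
192.0.2.10 [04/Mar/2015:10:01:07 +0000] "GET /robots.txt HTTP/1.1" 200 "bot/2.0" -/-
"""

# Quoted User-Agent followed by "<protocol>/<cipher>" at end of line.
LINE_RE = re.compile(
    r'"(?P<ua>[^"]*)"\s+(?P<proto>[A-Za-z0-9.-]+)/(?P<cipher>[A-Za-z0-9-]+)\s*$'
)


def is_export_suite(cipher):
    """True for the 40-bit and 1024-bit 'export' suites OpenSSL names EXP-*."""
    return cipher.startswith("EXP-") or cipher.startswith("EXP1024-")


def parse_requests(log_text):
    """Yield (user_agent, protocol, cipher) for each line that logged a TLS handshake."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("cipher") == "-":   # malformed line or plain HTTP
            continue
        yield m.group("ua"), m.group("proto"), m.group("cipher")


def export_report(log_text):
    """Summarise how many requests used an export suite, and from which clients."""
    cipher_counts = Counter()
    export_user_agents = Counter()
    for ua, _proto, cipher in parse_requests(log_text):
        cipher_counts[cipher] += 1
        if is_export_suite(cipher):
            export_user_agents[ua] += 1
    total = sum(cipher_counts.values())
    export = {c: n for c, n in cipher_counts.items() if is_export_suite(c)}
    export_total = sum(export.values())
    return {
        "total_tls": total,
        "export": export,
        "export_total": export_total,
        "export_fraction": export_total / total if total else 0.0,
        "by_user_agent": export_user_agents,
    }


if __name__ == "__main__":
    report = export_report(SAMPLE_LOG)
    print(f"TLS requests: {report['total_tls']}, "
          f"export-suite requests: {report['export_total']} "
          f"({report['export_fraction']:.1%})")
    for cipher, n in report["export"].items():
        print(f"  {cipher}: {n}")
    for ua, n in report["by_user_agent"].items():
        print(f"  client {ua!r} negotiated an export suite {n} time(s)")
```

Note that the count is per request rather than per handshake, which is what a web server log gives you; it still answers the post's question of what share of traffic would be affected. Once the share is known to be acceptable, the fix on the server side is to remove the suites from the cipher string (for example appending `:!EXPORT` to `ssl_ciphers` in nginx or `SSLCipherSuite` in Apache), after which a check like `openssl s_client -connect host:443 -cipher EXPORT` should fail to complete a handshake. One caveat: a FREAK man-in-the-middle also shows up in these logs as an export-suite negotiation, so a non-zero share is not necessarily all legitimate old clients.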
