Tuesday, June 9, 2015

An #Outsider Newsflash: On Security Vulnerabilities

Our team received this from a contact at IBM, and we felt it was important to note here for reference:

The latest SSL/TLS attack (LOGJAM) is a cipher downgrade attack that exploits
old ciphers, or weakened ciphers, or the order in which the 'best available' cipher
is negotiated.

How bad is the LOGJAM exploit?

- 8.4% of the Top-100 websites are vulnerable.
- 66% of the popular VPNs are vulnerable.

I like this list of SSL/TLS cipher suites. Server admins should consider adopting it
without additions or altering the cipher order.

https://www.grc.com/miscfiles/SChannel_Cipher_Suites.txt

The author does review & update the list periodically. 
