On Sun, Mar 8, 2015 at 5:22 PM, Ish Sookun <ish_at_hacklog.in> wrote:
> Hello,
>
> Strangely, the CERT-MU website[1] speaks openly about the hand of NSA[2] in
> the FREAK vulnerability[3] affecting OpenSSL while mainstream websites have
> avoided the same.
They copy-pasted from the article they quoted.
FYI, LibreSSL is not vulnerable because we chain-sawed EXPORT suite
along with FIPS, a while ago :-)
>
> [1]
> http://cert-mu.govmu.org/English/Pages/Information%20Security%20News/2015/FREAK-Out-Yet-Another-New-SSLTLS-Bug-Found.aspx
> [2] National Security Agency (United States of America)
> [3]
> http://www.computerworld.com/article/2892926/time-to-freak-out-how-to-tell-if-youre-vulnerable.html
>
> Regards,
>
> Ish Sookun
>
> - Geek by birth, Linux by choice.
> +-+-+-+-+-+-+-+-+-+-+
> |H|A|C|K|L|O|G|.|i|n|
> +-+-+-+-+-+-+-+-+-+-+
>
> https://twitter.com/IshSookun ^^ Do you tweet?
--
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
Received on Sun Mar 08 2015 - 18:04:25 PST