[Operators] Suspicion of Jabbim services being hacked
sam at samwhited.com
Sat Dec 20 15:24:29 UTC 2014
On 12/20/2014 04:15 AM, Phil Pennock wrote:
> Probably because the Triple Handshakes Considered Harmful paper from
> earlier this year showed that using only the final message for channel
> binding was broken and vulnerable, so there are IETF drafts for fixes to
> TLS to provide something which actually offers a non-forgeable identity
> for channel binding but nothing concrete yet (when I last checked, which
> was a little while back now).
Oops, looks like you're right; for some reason I was under the
impression that the attack only worked on legacy SSL / poorly
implemented TLSv1. I'll double check later, but in the mean time, thanks
for the correction.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Operators