[Operators] Suspicion of Jabbim services being hacked

Sam Whited sam at samwhited.com
Sat Dec 20 15:24:29 UTC 2014



On 12/20/2014 04:15 AM, Phil Pennock wrote:
> Probably because the Triple Handshakes Considered Harmful paper from
> earlier this year showed that using only the final message for channel
> binding was broken and vulnerable, so there are IETF drafts for fixes to
> TLS to provide something which actually offers a non-forgeable identity
> for channel binding but nothing concrete yet (when I last checked, which
> was a little while back now).

Oops, looks like you're right; for some reason I was under the
impression that the attack only worked on legacy SSL / poorly
implemented TLSv1. I'll double check later, but in the meantime, thanks
for the correction.


—Sam

-- 
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com
