Show Navigation

Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

halcy:icosahedron: (halcy@icosahedron.website)'s status on Tuesday, 12-Dec-2017 11:22:04 EST halcy:icosahedron:

https://robotattack.org/ while we‘re all thinking about HACKING and THE NINETIES, here‘s a new RSA padding oracle vulnerability, affecting a wide array of big and small websites. Yes, in 2017!
In conversation Tuesday, 12-Dec-2017 11:22:04 EST from icosahedron.website permalink
Attachments
1. Invalid filename.
  
  The ROBOT Attack
  
  Return of Bleichenbacher's Oracle Threat - ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
1. Gadfly (-booq-) (gaditb@icosahedron.website)'s status on Tuesday, 12-Dec-2017 11:31:17 EST Gadfly (-booq-)
  in reply to
  
  @halcy
  Oh my god:
  """
  [Cisco ACE] devices don't support any other cipher suites, therefore disabling RSA is not an option. To our knowledge it is not possible to use these devices for TLS connections in a secure way.
  However, if you use these products you're in good company: As far as we can tell Cisco is using them to serve the cisco.com domain.
  """
  
  In conversation Tuesday, 12-Dec-2017 11:31:17 EST from icosahedron.website permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.