MetaFilter posts tagged with ssl

Of course I want gimmicks, I'm a record producer!

Lanark — Mon, 15 Jun 2009 13:44:55 -0800

DVDs to save the music industry (video interview) Record Producers discuss illegal downloads, home studios and why 5.1 DVD sound just might be the future. And more - a further 180 interviews on the same site, Producers and Studios. These vary in size and quality, from large video files, to small audio streams for anyone still on a dial-up connection.

The Middler

sluglicker — Thu, 28 Aug 2008 10:48:28 -0800

Your Gmail account isn't secure. Announced at Defcon 16, Jay Beale's tool, The Middler (man-in-the-middle) to steal session ID from not only Gmail users, but LinkedIn, LiveJournal, Facebook, and presumably any site that uses a session-based cookie. Enable https permanently. (previously)

15 bits of crypto should be enough for anybody

finite — Fri, 16 May 2008 22:01:42 -0800

On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] How bad is it? It's pretty bad. Understand that these keys are used not only for encryption, but also for authentication. The keyspace has been reduced to a mere 32,768 possibilities, and you can already download them all, along with tools to use them. Worse still, in the days before the issue became publicly known, there was a noticeable spike in the number of brute-force attacks on SSH servers, indicating that there has already been significant exploitation of this vulnerability. Partial timeline of events: In May 2006, a bug led to a question which led to the fateful patch being applied to md_rand.c (in Debian's "unstable" development branch). In April 2007, Debian 4.0 "etch" and Ubuntu 7.04 were both released, which was the beginning of the inclusion of the buggy version of OpenSSL in officially-released distributions. The bug remained unfixed through the releases of Ubuntu 7.10 and 8.04. On May 7, 2008, the patch to fix the problem was committed to Debian's source repository, and on May 13 the issue was officially disclosed and updated packages were made available to users. (The patch's availability days before public disclosure of the bug appears to be a violation of Debian's policy.) Here are some responses from Debian blogs, and two from an OpenSSL developer.

Cesar Millan Ain't Got Nothin' On Me

schleppo — Thu, 28 Feb 2008 12:04:22 -0800

What do a balding man with a unique talent, shopping carts, and Extended Validation SSL Certificates have in common? Well, this: Liberty Fillmore: The Cart Whisperer (YT). Won't you think of the carts and visit No More Abandoned Carts today?

silusGROK — Mon, 23 Apr 2001 21:50:19 -0800

Eudora Releases 5.1... an incremental release is seldom worth a post, but with 5.1 comes support for SSL! Which makes me very happy: our SysAdmin banned us from hooking up to our mail server until we had an e-mail client that was A) SSL-enabled and B) not a product of Microsoft... finally! I can get my corporate e-mail without having it forwarded to my Yahoo! e-mail account! : )