Anything in this story of concern?
Darren Pilgrim
list_freebsd at bluerosetech.com
Mon Sep 9 05:42:07 UTC 2013
On 9/8/2013 9:44 PM, Ian Smith wrote:
> <http://www.abc.net.au/news/2013-09-06/new-snowden-documents-say-nsa-can-break-common-internet-encrypt/4940138>

Have a look at estimates on the number of internet servers and desktops
still vulnerable to BEAST, CRIME, et al. That's for the population of
devices where updating the SSL library is about as easy as it gets. Now
consider all those network devices and embedded systems with outdated
firmware or where updating the embedded https/ssh server is impossible
or the vendor won't bother.

It's known the NSA prefers taps in central locations (like switches and
routers) for better coverage efficiency. Combine these and the question
of whether or not they're listening is one of capacity, not capability.

This isn't really news, though. If you're worried about it, make sure
your stuff uses TLS v1.2 with strong ciphers and large keys.
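
The following is an added example, not part of the original post: one way to apply the closing advice with Python's standard `ssl` module, plus a check over negotiated parameters. The function names, the AEAD-only cipher string, the 128-bit threshold and the sample sessions are assumptions made for illustration; certificate key size is not checked here.

```python
import ssl

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # AEAD suites, i.e. not CBC or RC4

def hardened_client_context():
    """Client context: TLS 1.2 minimum, forward-secret AEAD suites, no compression."""
    ctx = ssl.create_default_context()            # keeps certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # excludes SSLv3/TLS 1.0, where BEAST applies
    ctx.options |= ssl.OP_NO_COMPRESSION          # TLS compression is the CRIME side channel
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def audit_session(version, cipher, compression, min_secret_bits=128):
    """Return findings for one negotiated session.

    The arguments mirror SSLSocket.version(), SSLSocket.cipher() and
    SSLSocket.compression(). min_secret_bits is an assumed threshold.
    """
    name, _protocol, secret_bits = cipher
    findings = []
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"protocol {version} is older than TLS 1.2")
    if not any(marker in name for marker in AEAD_MARKERS):
        findings.append(f"cipher {name} is not an AEAD suite")
    if secret_bits < min_secret_bits:
        findings.append(f"cipher {name} has only {secret_bits} secret bits")
    if compression is not None:
        findings.append(f"TLS compression ({compression}) is enabled")
    return findings

# Constructed sample sessions, not captured from any real host.
LEGACY = ("TLSv1", ("RC4-SHA", "TLSv1/SSLv3", 128), "zlib")
MODERN = ("TLSv1.2", ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256), None)

if __name__ == "__main__":
    ctx = hardened_client_context()
    print("enabled suites:", [c["name"] for c in ctx.get_ciphers()])
    for label, session in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit_session(*session) or "ok")
```

On a live connection, pass `sock.version()`, `sock.cipher()` and `sock.compression()` from the wrapped socket to `audit_session`.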