[Homeroast] Security issues are not SM's fault

Steve Hamm steve.hamm at gmail.com
Tue Mar 17 14:10:51 CDT 2015


Uh, yes it was a general problem. No, it isn't specific to mobile. Some
desktop (and mobile) browsers aren't yet patched.

The basic problem is a holdover from when the US government forbade exports
of high-grade encryption software. We had "export-grade" encryption support
which is pretty easy to break. This shouldn't be used anymore, but it's
been hanging around.

Both https website servers and clients (e.g. many browsers) are
susceptible. This can be fixed by either the server or the browser refusing
low-grade encryption connections. Test your browser here.
<https://freakattack.com/clienttest.html> Some should already be patched,
if you're current on updates. (And some, like Firefox, didn't need patches.)

On Tue, Mar 17, 2015 at 1:02 PM, Mike Davis <mldavis2 at sbcglobal.net> wrote:

> It has been posted before but I don't recall if it was on this group or
> not.
>
> There is a problem with SSL/TLS in general, not SM.  Here is a link to
> the US-CERT report on the problem.  It would appear to be a flaw in all
> mobile device operating systems.  I would suggest keeping your software
> and especially OS up to date, and use a desktop computer if you have
> one and not order from a smart phone until the software operating system
> vendors get their patches applied.  Both Microsoft Android and Apple
> operating
> systems are vulnerable.
>
> https://www.us-cert.gov/ncas/current-activity/2015/03/06/
> FREAK-SSLTLS-Vulnerability
>
> Mike Davis
>
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> http://www.avast.com
>
>
> _______________________________________________
> Homeroast mailing list
> Homeroast at lists.sweetmariascoffee.com
> http://lists.sweetmariascoffee.com/mailman/listinfo/homeroast_lists.
> sweetmariascoffee.com
> <a href="http://www.sweetmariascoffee.com/forum/">Sweet Maria's Forum</a>
> <a href="http://www.sweetmarias.com/library">Our new Coffee Library</a>
>


More information about the Homeroast mailing list