Date:      Sun, 08 Sep 2013 22:41:55 -0700
From:      Darren Pilgrim <list_freebsd@bluerosetech.com>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Anything in this story of concern?
Message-ID:  <522D5FA3.7020701@bluerosetech.com>
In-Reply-To: <20130909144142.J99094@sola.nimnet.asn.au>
References:  <20130909144142.J99094@sola.nimnet.asn.au>

On 9/8/2013 9:44 PM, Ian Smith wrote:
> <http://www.abc.net.au/news/2013-09-06/new-snowden-documents-say-nsa-can-break-common-internet-encrypt/4940138>

Have a look at estimates on the number of internet servers and desktops 
still vulnerable to BEAST, CRIME, et al.  That's for the population of 
devices where updating the SSL library is about as easy as it gets.  Now 
consider all those network devices and embedded systems with outdated 
firmware or where updating the embedded https/ssh server is impossible 
or the vendor won't bother.

It's known the NSA prefers taps in central locations (like switches and 
routers) for better coverage efficiency.  Combine these and the question 
of whether or not they're listening is one of capacity, not capability.

This isn't really news, though.  If you're worried about it, make sure 
your stuff uses TLS v1.2 with strong ciphers and large keys.
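
Added example, not part of the original message: one way to apply the closing advice with Python's standard `ssl` module, together with an audit that flags settings falling short of it. The cipher policy string, the reading of "strong" as forward-secret AEAD suites, and all function names are assumptions made for illustration; certificate key sizes are not checked here.

```python
import ssl

# Assumption: "strong ciphers" = forward-secret key exchange + AEAD encryption.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!PSK"
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}  # kx-any marks TLS 1.3 suites


def hardened_context(purpose=ssl.Purpose.SERVER_AUTH):
    """Client (SERVER_AUTH) or server (CLIENT_AUTH) context with a TLS 1.2 floor."""
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0, TLS 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION          # TLS compression is what CRIME abuses
    ctx.set_ciphers(STRONG_CIPHERS)               # removes CBC suites (BEAST's target mode)
    return ctx


def legacy_context():
    """Constructed counter-example: the kind of settings old firmware ships with."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    ctx.set_ciphers("ALL")
    return ctx


def audit(ctx):
    """Return a list of findings; an empty list means the policy above is met."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    for c in ctx.get_ciphers():
        if not c.get("aead"):
            findings.append("non-AEAD cipher: " + c["name"])
        elif c.get("kea") not in FORWARD_SECRET_KX:
            findings.append("no forward secrecy: " + c["name"])
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_context()), ("legacy", legacy_context())):
        print(label, audit(ctx) or "OK")
```

The audit inspects only the local context configuration; what a given peer actually negotiates still depends on the other end's library and settings.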


