The move away from RC4 to AES is a sensible pre-emptive action being taken by those in the industry. Cloudflare recently wrote a blog post detailing their rationale for removing RC4 as a supported cipher for modern browsers using TLS 1.1 or greater. I reiterate that RC4 has not been demonstrably broken, but it would appear to be only a matter of time.
-----BEGIN PGP SIGNED MESSAGE-----
WARRANT CANARY: Mike The Goat
B7A04065 4096R exp 20151026 (current)
6054D4D2 4096R exp 20140104 (expired)
https://mikethegoat.wordpress.com
retrieve email from PGP metadata

I, the author of the blog known as Mike The Goat and identified by
ownership of the private key of B7A04065 categorically state under
penalty of perjury, that I am not an employee of any United States
government organization including but not limited to the FBI, NSA,
CIA or ATF. Furthermore I declare that I am not an employee of a
state government, nor am I an employee, member or volunteer of any
law enforcement agency both in the United States and abroad.
As at 06:38 PDT (2338Z) on Monday the 12th of May I have received
no communications from any government agency invoking FISA or
similar provisions to compel both my cooperation and my silence by
prohibiting discussion of the order and its content.
While I understand that the aforementioned legislation, despite it
being blatantly unconstitutional can be used to 'gag' those named
within, I will not sign any declaration if any of the information
contained within it is not truthful or misleading. I will comply
with this even if it ultimately results in the contravention of a
court (an illegal and unconstitutional one at that) order.
As I write this declaration the DAX is at 9,672.81 with Au and Ag
at 1291.1 and 19.550 respectively. Reuters headlines include
"Franco-German show of unity masks policy divide" while the front
page of USA Today's website reads "Report: New video shows missing
Nigeria schoolgirls." Bloomberg reports "Russia Hails Local Votes
to Split From Ukraine as EU Imposes Sanctions." This information
is appended to each declaration to prove that this text really was
composed and digitally signed on the date declared to eliminate
the possibility that the declarations were signed en masse at an
earlier date. More information is available on my blog.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (FreeBSD)
-----END PGP SIGNATURE-----
Wang Jing, a PhD student at a Singaporean university, has discovered a vulnerability in OpenID and OAuth. While not earth-shattering, with sites like Facebook relying on it to authenticate their users, the impact of such a vulnerability could be non-trivial.
Microsoft clearly understands the importance of keeping their userbase patched up and has rolled out the fix for the recent IE vulnerability via Windows Update to Windows XP users despite claiming that no further updates will be forthcoming after April 1.
The reality is that the install base of legacy Windows XP systems remains significant and many larger organizations need a considerable amount of time to migrate. The decision to release this patch was a sensible response.