
Cloudflare Writes On The Deprecation Of RC4

The move away from RC4 to AES is a sensible pre-emptive action being taken by those in the industry. Cloudflare recently wrote a blog post detailing their rationale for removing RC4 as a supported cipher for modern browsers using TLS 1.1 or greater. I reiterate that RC4 has not been demonstrably broken, but it would appear to be only a matter of time.


New Warrant Canary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 WARRANT    _))               Mike The Goat
 CANARY    > *\     _~        B7A04065 4096R exp 20151026 (current)
           `;'\\__-' \_       6054D4D2 4096R exp 20140104 (expired)
              | )  _ \ \      https://mikethegoat.wordpress.com
             / / ``   w w     ..> retrieve email from PGP metadata <..
            w w

I, the author of the blog known as Mike The Goat and identified by
ownership of the private key of B7A04065 categorically state under
penalty of perjury, that I am not an employee of any United States
government organization including but not limited to the FBI, NSA,
CIA or ATF. Furthermore I declare that I am not an employee of a
state government, nor am I an employee, member or volunteer of any
law enforcement agency both in the United States and abroad.

As at 06:38 PDT (2338Z) on Monday the 12th of May I have received
no communications from any government agency invoking FISA or
similar provisions to compel both my cooperation and my silence by
prohibiting discussion of the order and its content.

While I understand that the aforementioned legislation, despite it
being blatanly unconstitutional can be used to 'gag' those named
within, I will not sign any declaration if any of the information
contained within it is not truthful or misleading. I will comply
with this even if it ultimately results in the contravention of a
court (an illegal and unconstitional one at that) order.

As I write this declaration the DAX is at 9,672.81 with Au and Ag
at 1291.1 and 19.550 respectively. Reuters headlines include
"Franco-German show of unity masks policy divide" while the front
page of USA Today's website reads "Report: New video shows missing
Nigeria schoolgirls." Bloomberg reports "Russia Hails Local Votes
to Split From Ukraine as EU Imposes Sanctions." This information
is appended to each declaration to prove that this text really was
composed and digitally signed on the date declared to eliminate
the possibility that the declarations were signed en masse at an
earlier date. More information is available on my blog.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (FreeBSD)
-----END PGP SIGNATURE-----


Wang Jing, a PhD student at a Singaporean university, has discovered a vulnerability in OpenID and OAuth. While it is not earth-shattering, sites like Facebook rely on these protocols to authenticate their users, so the impact of such a vulnerability could be non-trivial.

Microsoft Releases Patch for Deprecated Windows XP IE


Microsoft clearly understands the importance of keeping its user base patched and has rolled out the fix for the recent IE vulnerability via Windows Update to Windows XP users, despite claiming that no further updates would be forthcoming after April 1.

The reality is that the install base of legacy Windows XP systems remains significant and many larger organizations need a considerable amount of time to migrate. The decision to release this patch was a sensible response.