I got this interesting email today.
It's refering to a study I did almost two years ago
which surveyed https (SSL) servers's crypto strength.
For a while I had the list of weak-crypto servers on my site; I took
it down after getting too many complaints, but it was accidentally
left in a copy elsewhere on my site that got indexed. I've deleted
the list from that copy as well, on the theory that the list is nearly
2 years old and there is a web page for checking a site in real time
that's linked from the paper, and the results from that are up to date.
The date is prominent in the results page, but still I wouldn't want to
unfairly label a site as weak in 2-year-old data if they have updated
their site to use better crypto.
It's interesting that someone sounding like they're from Bear Stearns
would use an external account to make this request rather than doing so
from Bear Stearns directly.
I replied that I'd consider it if I got a request from BearStearns, but
that I might post such a request on my web site to let people know that
BearStearns is trying to suppress legitimate security research. I also
pointed out that this information isn't secret; anyone can disccover
that they are using a weak key by connecting and clicking on a button
in their browser.
They're using a 512-bit key, so if I had a current list of
weak servers, they would be on it.
Eric
----- Forwarded message from garww <[EMAIL PROTECTED]> -----
X-EM-Version: 5, 0, 0, 4
X-EM-Registration: #01E0520310450300B900
X-Priority: 3
X-Mailer: My Own Email v4.00
From: "garww" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: cached web pages
Date: Fri, 5 Apr 2002 06:52:59 -0600
We wonder what your motivation would be to post the names of firms in
your detailed survey results page?
Did your lawyer not question this practice?
Please get these removed from the search engines.
THX
gar
Web Images Groups Directory
Searched the web for murray www.bearstearns.com. Results 1 - 10 of about
15. Search took 0.22 seconds.
Mortgage Banker Websites
... Bear Stearns Mortgage Company. http://www.bearstearns.com/. Budget
Mortgage Bankers,
Ltd. ... com. http://www.mortgageexpo.com/. Murray Financial Associates,
Inc. ...
www.banking.state.ny.us/mortlink.htm - 55k - Cached - Similar pages
Eric Murray: Papers: SSL Server Survey: Detailed Results
... Eric Murray. ... bcefa.org www.beadbear.com www.beanbagworld.net
www.beaniesforless.com
www.bearstearns.com www.beautyforwomen.co.uk www.beautyhub.com www.bellind
...
www.securedesignllc.com/papers/ssl_server_stats.html - 58k - Cached -
Similar pages
_____________________________________________
Free email with personality! Over 200 domains!
http://www.MyOwnEmail.com
----- End forwarded message -----
