"The fatal flaw making exploitation possible is the failure of JavaServer Faces to implement AES/DES encryption algorithms correctly. The scheme provides no way to sign the ciphertext or authenticate the block cipher mode."
That says it all. Incorrect implementation of server software. Bob > I highly doubt that SSL was hacked, that is the encryption method itself. > They probably back or side doored it. > > Bob > > > On Sep 21, 2011, at 4:09 AM, Claudi Cornaz wrote: > >> Hi all, >> >> I came across this article and altough I don't know much about this I >> thought it might interest some of you. >> Hackers break SSL encryption used by millions of sites >> >> I don't know which version of SSL livecode server deploys, but apparently >> this might be something quite serious >> and perhaps even a unique opportunaty for livecode server by being/becomming >> save. >> >> Claudi >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your subscription >> preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode