Linux Today: Linux News On Internet Time.

More on LinuxToday

Apache Today: Weak Security Found in Many Web Servers

Sep 07, 2000, 17:45 (0 Talkback[s])

"Murray explained that these weak servers either support only the flawed SSLv2 protocol, use weak encryption, or have expired or self-signed digital certificates."

"'These weaknesses make the transactions that are protected by these servers easy to attack with modern key-cracking and/or hacking attacks,' said Murray, who added that there is no good reason for sites not to address the problems he has highlighted.

"There is no technical or legal reason to limit secure servers to using only SSLv2, since SSLv3, which corrects known weaknesses, is available. Since US export regulations were relaxed in January to allow the export of 128bit cryptographic products, there is also no reason to support only 40bit cipher suites or 512bit RSA keys."

Complete Story

Related Stories: