[PLUG] Five year old unpatched vulnerable in code? That's OK, we're Seagate.
Rich Shepard
rshepard at appl-ecosys.com
Wed Mar 4 21:45:35 UTC 2015
On Wed, 4 Mar 2015, John Bartley K7AAY john at 503bartley.com wrote:
> http://www.techrepublic.com/article/seagate-vulnerability-raises-questions-about-security-disclosures-and-proprietary-nas-solutions
Apparently a lot of ancient vulnerabilities are still present in current
software releases. Yesterday's news was that Google and Apple are among the
Web sites still using the 512-bit encryption madated by the feds as
export-acceptable in the early- mid-1990s. Apparently, a moderately competent
cryptanalyst with the power of ~15 servers (which can be accessed at AWS and
other cloud computing providers) can extract the key in about 7 hours. Oops!
For whatever the reason, they (and a bunch of others) never upgraded their
encryption to 1024-bit or 2048-bit. Chrome is apparently not vulnerable, but
Safari is.
I don't have the URLs to the articles available or I'd post them here.
Rich
More information about the PLUG
mailing list