[Dailydave] SSLMAGEDON 2014 means the world is a nice place.

Dave Aitel dave at immunityinc.com
Fri Nov 14 16:39:28 EST 2014


Again, we have a bunch of customers who are all "Vulnerable" (because
all Windows machines are) who are also trying to find out if they are
"at any risk whatsoever" from SSLMAGEDON. This is especially important
because the patch has issues
<http://aws.amazon.com/security/security-bulletins/ms14-066-advisory/>
and so people have to do a complex triage calculus with it.

Right now we're in a situation where nobody knows how bad the bug really
is going to be so while exploit writers are racing to get something
working, noone is truly sure if they are exposed. Of course, the denial
of service is a lot easier to trigger than full remote code execution.

And yet you'll notice that many IIS-based web sites are still reachable!
That means people are pretty nice in this world! A voice for hope.

-dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141114/0830a7db/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141114/0830a7db/attachment.sig>


More information about the Dailydave mailing list