Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Another Reason to Abandon SSL

March 2, 2016

I've already written that SSL is dead and we should all be using TLS. We've already heard about the attacks on SSL called POODLE and FREAK. The latest vulnerability has been labeled DROWN. The DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) attack assumes that SSLv2 and TLS are both running on a computer, which leaves the more secure TLS open to decryption. Why is anyone still running a website with SSL? The latest discovery means that approximately one third of all websites are vulnerable to the attack. Perhaps it is just laziness or ignorance, but anyone who hosts a website should disable SSL. How many more vulnerabilities need to be discovered before the world shuts down SSL? Even if you don't control the technology for your website, check with your provider to make sure they are using TLS and have SSL disabled.
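One way to check whether a server you administer still answers SSLv2, as an added example that is not part of the original post: it builds an SSLv2 CLIENT-HELLO and classifies the first bytes of the reply. The function names, the fixed challenge and the sample reply are assumptions constructed for illustration.

```python
import socket
import struct

# The seven SSLv2 cipher kinds (3 bytes each) offered in the probe.
SSLV2_CIPHERS = bytes.fromhex(
    "010080" "020080" "030080" "040080" "050080" "060040" "0700c0")

# Constructed sample: an SSLv2 SERVER-HELLO (30-byte body, version 0x0002).
SAMPLE_SERVER_HELLO = bytes.fromhex(
    "801e" "04" "00" "01" "0002" "0000" "0003" "0010" "010080") + b"\xaa" * 16

def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 CLIENT-HELLO: type 1, version 0x0002, three length fields, data."""
    body = struct.pack(">BHHHH", 1, 0x0002, len(SSLV2_CIPHERS), 0, len(challenge))
    body += SSLV2_CIPHERS + challenge
    # 2-byte SSLv2 record header: high bit set, low 15 bits carry the length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_reply(reply: bytes) -> str:
    """Interpret the first bytes a server sends back after the SSLv2 hello."""
    if not reply:
        return "closed"              # connection dropped without an answer
    if reply[0] in (0x15, 0x16) and len(reply) >= 2 and reply[1] == 0x03:
        return "tls-record"          # SSLv3/TLS alert or handshake framing
    if len(reply) >= 3 and reply[0] & 0x80:
        length = ((reply[0] & 0x7F) << 8) | reply[1]
        if reply[2] == 4 and length >= 11 and reply[5:7] == b"\x00\x02":
            return "sslv2-enabled"   # SERVER-HELLO: the server accepted SSLv2
        if reply[2] == 0:
            return "sslv2-error"     # SSLv2 ERROR record: an SSLv2 stack replied
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to a server you administer and classify its answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            return classify_reply(s.recv(4096))
    except (ConnectionResetError, socket.timeout):
        return "closed"
```

A result of `sslv2-enabled` or `sslv2-error` means SSLv2 still needs to be turned off on that service. Check every implicit-TLS port that uses the same certificate key (for example 443, 465, 993, 995), because DROWN applies when any service sharing that RSA key accepts SSLv2.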

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com