|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kristian Erik Hermansen (kristian.hermansen
gmail.com)
Date: Fri Aug 21 2009 - 15:40:07 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
...should be pretty easy ;-) Company has been notified many times
privately of this issue, but they appear incompetent. Time for public
shaming.
"""
$ sslscan myaccount.socalgas.com | grep NULL
Accepted SSLv3 0 bits NULL-SHA
Accepted SSLv3 0 bits NULL-MD5
Accepted TLSv1 0 bits NULL-SHA
Accepted TLSv1 0 bits NULL-MD5
"""
NULL cipher SSL/TLS presents the illusion of security and customers
should be aware that their credentials are easily intercepted. Wanna
shut off someone's gas in Los Angeles? :-)
--
Kristian Erik Hermansen
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]