Meanwhile, In Illicit SSL Certificate News... →
Blatant stupidity displayed by Symantec Corporation (NasdaqGS:SYMC) in the hotly-contested CA space is the topic of todays' how-not-to-do-business-in-the-technical-sector. Evidence published on Friday of last week, by Ars Technica Security Editor Dan Goodin points to illicit CA artifact issuance by the company. The discovery was made by a third party reseller monikered SSLMate. Read it and weep for the encrypted interwebs.
Google Disables SSL and RC4, Better Late Than Never →
Adam Langley posts good news... Google Inc. (NasdaqGS: GOOG) has finally made the move, and is in the process of disabling SSL v3 (obsoleted 16 years ago) and RC4.
SSLv3 has been obsolete for over 16 years and is so full of known problems that the IETF has decided that it must no longer be used. RC4 is a 28 year old cipher that has done remarkably well, but is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also warrants a statement that it too must no longer be used. - via Adam Langley writing at the Google Online Security blog.