On jue, 2016-03-03 at 08:37 +0100, Nicolas F. wrote: > On 01/03/16 23:23, P. A. López-Valencia wrote: > > > > The vulnerability is so bad[1], it doesn't only have a CVE number, > > CVE-2016-0800[4], but a name and its own website: HTTPS > > DROWN[1][2][3]. > Just as many other vulnerabilities these days, there is a marketing > campaign behind them, probably to sell consultancy services. > > Anybody who's security-minded hasn't been using SSLv2 anyway. > > In a perfect world, yes. But your assumption is not realistic. Not everyone is following the latest news on infosec and it is not that easy to disable on the server side. A reminder is always in order. -- Pedro A. López-Valencia http://about.me/palopezv Recession is when your neighbor loses his job. Depression is when you lose yours. -Ronald Reagan
