Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: OpenSSL and export suites (Score 1) 89

by yuhong (#49176411) Attached to: FREAK Attack Threatens SSL Clients

What is sad is that OpenSSL disabled the EXPORT1024 ciphersuites in 2006. If you don't know what these are, in year 1999 the US government raised the limit to 56-bit encryption and 1024-bit RSA. They were described in https://tools.ietf.org/html/dr... . And for the record it was in year 2000 that the restrictions was removed for "retail" software.

Comment: From the post... (Score 3, Informative) 196

by yuhong (#49033885) Attached to: Firefox To Mandate Extension Signing

"Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into Web pages or even inject malicious scripts into social media sites. To combat this, we created a set of add-on guidelines all add-on makers must follow, and we have been enforcing them via blocklisting (remote disabling of misbehaving extensions). However, extensions that violate these guidelines are distributed almost exclusively outside of AMO and tracking them all down has become increasingly impractical. Furthermore, malicious developers have devised ways to make their extensions harder to discover and harder to blocklist, making our jobs more difficult."

The clash of ideas is the sound of freedom.

Working...