My post yesterday on Security Overhead, I spent a lot of time talking about an SSL exploit recently released. Woody Leonhard writes in an Infoworld article that this exploit is overhyped, that the vulnerability leveraged old and shouldn’t exist on most systems in production today (unless certain features were turned off for one reason or another– hey, it happens!). Although there are claims that unpublished exploits exist that would affect modern systems, security experts are understandably skeptical. Without more evidence, it sounds like this threat may be a lot less severe than initially reported, but as I think I just demonstrated, my IT expertise does not always allow me to validate the nature of these threats. So far, I haven’t found any response or clarification at the Internet Storm Center on this issue.