Security Overhead: Revisited

My post yesterday on Security Overhead, I spent a lot of time talking about an SSL exploit recently released.  Woody Leonhard writes in an Infoworld article that this exploit is overhyped, that the vulnerability leveraged old and shouldn’t exist on most systems in production today (unless certain features were turned off for one reason or another– hey, it happens!).  Although there are claims that unpublished exploits exist that would affect modern systems, security experts are understandably skeptical.  Without more evidence, it sounds like this threat may be a lot less severe than initially reported, but as I think I just demonstrated, my IT expertise does not always allow me to validate the nature of these threats.  So far, I haven’t found any response or clarification at the Internet Storm Center on this issue.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s