IETF updates TLS/SSL best practice guidance Do: start rolling TLS 1.3, support TLS 1.2, and DTLS 1.2. Don't: negotiate sessions using TLS 1, TLS 1.1, SSL 2 or SSL 3. Those are the Internet Engineering Task Force's latest recommendations, set out in RFC 7525, Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). …
The RFC actually says:
No SSLv2
No SSLv3
No TLSv1.0 (Except when nothing higher is available)
No TLSv1.1 (Except when nothing higher is available)
Yes TLSv1.2
To my puny brain, those caveats basically say that TLSv1.0 and TLSv1.1 are still to be available (as an attacker wanting to use them would surely simply not announce support for higher...)
Indeed, permitted but not recommended, I guess I should have looked at the RFC itself. The fact remains that a lot of devices that ought to support TLS 1.2, break when TLS 1.0 is disabled.
As an example, see this test result for my own blog. Amongst the carnage is Android <4.4.2 (my phone is 4.1, have talked to ZTE about this), IE 8-10 on Windows 7 (doesn't affect me so much, but big corporates, this is a big problem) and Safari on MacOS X <10.8.
Now if it were a site for my own purposes, sure, I'll crank the security settings sky high and to hell with browser compatibility. TLS 1.2 is no problem. However, I can't control what the general public uses, and this is the sort of trade-off that a commercial business trading on the Internet has to make.
Is that the people that really need to read them are too lazy to do so, or feel "My system isn't important enough to need that". That and the world is flooded with old and/or broken stuff that requires lower levels of security.
Case in point, the other week I bought a WiFi enabled web camera to watch my backyard, but it only supported WEP (And this was in 2014 for fuck's sake...). I imagine that a lot of these new Internet-of-Things devices are in the same boat...
As I understand it it's traditional. Chinese insults tend to focus on the family and especially the mother (meaning "your mum" types of insults hit harder there) due to the long-standing emphasis on family values and respecting one's elders and ancestors.
The Google translation had no direct reference to family or mothers. So - have Google substituted a more commonplace Anglo-Saxon sexual insult?
In the days of Mao the apparently literal translations of their political insults like "imperialist running dogs" sounded rather strange to Western ears.
That's probably what's happening. That's why I said the translation is figurative. Taken more directly, I believe the insult makes an unsavory solicitation to one's mother (which like I said is considered a pretty foul epithet to the Chinese).
As for the political insults, I think it's less the "dog" part that was confusing as the "imperialist" and "running" parts. Dog's a generally insulting term when applied to a human, especially when used in terms of a mother dog.
Just as soon as the 4 critical web apps our clients use upgrade so we can do it. For the record Two of them are accounting apps, one of them is the employee electronic timesheet system, and the fourth is the employee electronic training system (which includes certs you need to complete to maintain your network account). I'm not sure, but the travel authorization system might also not yet supports something other than the verboten services. Yes, we are a US government agency at least 20,000 people in my branch, and I think all four of those programs are mandated at the Dept of ______ level. Yeah, if I said exactly where I work, you'd all recognize it, but I'm not authorized to speak for our agency so I have to keep it vague.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
