back to article Citrix swats Sweet32 bug by just turning off old ciphers

Citrix has pushed back a little against the dangers posed to its users by the Sweet32 “birthday attack” against old ciphers. The attack, published in late August, is a birthday attack against 64-bit ciphers like Blowfish and Triple DES. That's prompted various vendors to get patching, but as Citrix explains in this blog post …

  1. Anonymous Coward
    Anonymous Coward

    Product?

    It would have been helpful to actually include the name of the product in your article! I had to click through to the blog post to find out it's about the Netscaler product line.

  2. Brian Miller

    Just because the bugs are fixed...

    doesn't mean that the deployed systems aren't vulnerable. There are so many systems out there that will never be fixed that it's just hideous. And some companies don't apply patches because that would just take effort...

    1. F Seiler

      Re: Just because the bugs are fixed...

      Your post holds for about every single patch, but it can't be stressed enough.

      Theoretical patch/updateability may actually be counter-productive where it really matters, because it may be an incentive to carelessness or cost cutting at release while critical systems often cannot "just update" without considerable costs and interrupting service. Ianal, but something might need to be recertified, years and milions spent.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022