Time's up for SHA-1 hash algo, but one in five websites still use it One in five websites (21 per cent) are still using certificates signed with the vulnerable SHA-1 hash algorithm, according to a new survey. Reliance on the obsolete hashing technology leaves companies at greater risk of security breaches and compliance problems, certificate management firm Venafi warns. Venafi's latest study …
Yep,
It took five extremely clever people and almost 7,000 of GPU/CPU time, but let's ignore the lack of patching, the lack of backups, the lack of encryption, the insecure unhardened CMS with a thousand unnecessary plugins, that most of these sites will be running, and worry about this.
The Problem Is Identity Assurance, who cares whether its patched or not if you can't be sure you are connecting to the right server.
Personally, if you are patched, backed up, encrypted, running a secure hardened CMS, with no unnecessary plug-ins and I cant be sure you are who you say you are, I'm not connecting.
A web browser that will refuse to talk with all the web management interfaces of the equipment I'm using. As if I'm not already having enough trouble with backward compatibility. Anyone want to beat vendors with a big stick to issue firmware updates that keep up with web standards on their interfaces?
and the good news is Firefox is getting rid of plugins, as if your headaches aren't bad enough now.
I've already had to drop Chrome as a browser for internal kit. Firefox auto-update is now turned off.
Better to run an insecure browser than one that doesn't work at all.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
