Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How bad will this actually be?


As techscruggs put it [0], the ClientHello sigalgs DoS vulnerability does not seem to facilitate unauthorized access. It may allow malicious parties to take you down, but not get in your system.

The other big one is the RSA silently downgrades to EXPORT_RSA thingy. This is the now famous SMACK TLS [1], disclosed 2 weeks ago by researchers from INRIA, IMDEA, and MicroSoft. Most of the software is getting patched (OpenSSL already has) but still very scary.

[0] https://news.ycombinator.com/item?id=9231958

[1] https://www.smacktls.com


nit picking: SMACK TLS is a collection of attack on TLS found by the inria and microsoft, FREAK is the attack mentionned in the CVE


Thank you, but I cannot edit anymore.

Readers of my above comment, please note that it should read:

"This is [part of] the now famous SMACK TLS"




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: