
All information that gets sent to Apple goes over SSL v3, not v2 (just checked). This is the case, however, with Microsoft (v2). V3 is a lot more secure than v2. However, I still agree, it should be asked if the information can be sent to Apple in the first place.



Folks are focusing on this point unnecessarily. Large scale real-time collection and cracking of SSLv2 is still out-of-scope for everybody, I suspect.

Large scale MITM, though, isn't, through compromised CAs, etc. That threat is much more severe and affects basically all software that relies on SSL/TLS (whatever version) for securing a connection or the CA system for validating the authenticity of downloads. That's a much more serious problem.

If MSFT is indeed not honoring opt-out of CEIP and other programs, the issue is them not honoring that preference. The particulars of the encryption built on top of a broken model are not the issue.


As far as I know, SSLv3 is more secure than SSLv2 against outside manipulation because of the hash of all old messages.
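
The handshake-hash point in the comment above, as an added example that is not part of the thread: a toy handshake in which a modified cipher list goes unnoticed without a transcript check and aborts the handshake with one. The message formats, function names and the use of HMAC-SHA256 are assumptions for illustration (SSLv3's real Finished message uses MD5 and SHA-1 over the handshake messages), and the master secret is assumed unknown to the on-path party.

```python
import hashlib
import hmac
import os


def finished_mac(master_secret: bytes, transcript: list[bytes]) -> bytes:
    """MAC over every handshake message seen so far.

    Simplified stand-in for the SSLv3 Finished hash, not the real construction.
    """
    h = hmac.new(master_secret, digestmod=hashlib.sha256)
    for msg in transcript:
        h.update(len(msg).to_bytes(4, "big"))  # length prefix keeps boundaries unambiguous
        h.update(msg)
    return h.digest()


def strip_strong_ciphers(client_hello: bytes) -> bytes:
    """Constructed in-transit modification: the offered cipher list is rewritten."""
    return client_hello.replace(b"ciphers=STRONG,WEAK", b"ciphers=WEAK")


def handshake(tamper: bool, verify_transcript: bool) -> str:
    """Return the negotiated cipher name, or "abort" if the transcripts disagree."""
    master_secret = os.urandom(32)  # assumed: already agreed by the key exchange
    client_hello = b"ClientHello;ciphers=STRONG,WEAK"  # constructed sample message
    received_hello = strip_strong_ciphers(client_hello) if tamper else client_hello

    # The server picks the strongest cipher it believes the client offered.
    chosen = b"STRONG" if b"STRONG" in received_hello else b"WEAK"
    server_hello = b"ServerHello;cipher=" + chosen

    # Each side hashes the messages as it saw them.
    client_view = [client_hello, server_hello]
    server_view = [received_hello, server_hello]

    if verify_transcript:  # SSLv3-style: compare MACs over the whole handshake
        client_fin = finished_mac(master_secret, client_view)
        server_fin = finished_mac(master_secret, server_view)
        if not hmac.compare_digest(client_fin, server_fin):
            return "abort"
    return chosen.decode()


if __name__ == "__main__":
    for tamper in (False, True):
        for verify in (False, True):
            print(f"tamper={tamper} verify={verify} -> {handshake(tamper, verify)}")
```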



