aeris22’s Twitter Archive — № 34,160

  1. …in reply to @dusan_panic
    @dusan_panic @lanodan NIST guidelines and PCI DSS are just #LOLWTF in terms of security…
    1. …in reply to @aeris22
      @dusan_panic @lanodan For example, NIST requires a possibly backdoored ECC curve. PCI DSS doesn’t reject SSLv3 and doesn’t enforce TLSv1.2.
      1. …in reply to @aeris22
        @dusan_panic @lanodan And none reject 3DES (and RC4 if I remember).
      2. …in reply to @aeris22
        @dusan_panic @lanodan Neither rejects CBC ciphers, or enforces HSTS/HPKP or, worse, PFS-only ciphers.
    2. …in reply to @aeris22
      @dusan_panic @lanodan CryptCheck checks for REALLY secure parameters, like HSTS, HPKP… Can check HTTPS, SMTP, plain TLS, SSH…
      1. …in reply to @aeris22
        @dusan_panic @lanodan And later, DNSSec, DANE and others :)
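The checks the thread argues NIST and PCI DSS leave out (SSLv3/old TLS, 3DES, RC4, CBC, non-PFS key exchange, missing HSTS/HPKP) as one offline audit function. This is an added example, not CryptCheck’s own code; the protocol list, cipher names and headers it runs on are constructed sample data, and the cipher classification assumes OpenSSL-style suite names.

```python
# Added example: audit a TLS endpoint's parameters against the stricter
# criteria listed in the thread. All input below is constructed, not captured.
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PFS_KEX = ("ECDHE-", "DHE-")  # ephemeral key exchange gives forward secrecy


def classify_cipher(name):
    """Return the thread's findings for one OpenSSL-style cipher-suite name."""
    findings = []
    # TLS 1.3 suites (TLS_AES_..., TLS_CHACHA20_...) are always ephemeral.
    if not name.startswith(PFS_KEX) and not name.startswith("TLS_"):
        findings.append("no-PFS")
    if "3DES" in name or "DES-CBC3" in name:
        findings.append("3DES")
    if "RC4" in name:
        findings.append("RC4")  # stream cipher, so no CBC finding below
    elif not re.search(r"GCM|CCM|CHACHA20", name):
        findings.append("CBC")  # non-AEAD block suite in OpenSSL naming is CBC
    return findings


def audit(protocols, ciphers, headers):
    """Collect every weak setting the thread says a real check should reject."""
    issues = []
    for p in protocols:
        if p in WEAK_PROTOCOLS:
            issues.append(f"protocol {p} enabled")
    if not ({"TLSv1.2", "TLSv1.3"} & set(protocols)):
        issues.append("TLSv1.2+ not offered")
    for c in ciphers:
        for f in classify_cipher(c):
            issues.append(f"cipher {c}: {f}")
    lower = {k.lower() for k in headers}
    if "strict-transport-security" not in lower:
        issues.append("HSTS missing")
    # HPKP has since been deprecated by browsers; kept because the thread lists it.
    if "public-key-pins" not in lower:
        issues.append("HPKP missing")
    return issues


def sample_audit():
    """Run the audit on a constructed, deliberately mixed configuration."""
    protocols = ["SSLv3", "TLSv1", "TLSv1.2"]
    ciphers = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "RC4-SHA"]
    headers = {"Strict-Transport-Security": "max-age=31536000"}
    return audit(protocols, ciphers, headers)
```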