mozilla :: #security

17 Mar 2017
07:46huzaifasabillings: or dveditz can i get a cc on please
07:46firebotBug 1348168 is not accessible
12:48ulfrjcj: and here's a list of sites that were seen having a trusted sha1 cert over the last month
12:48ulfrI imagine some of them have updated to sha256 since
12:58ulfrthis one wins all:
12:58ulfr6 years SHA1 cert, ssl3/tls1 only, null-md5 ciphersuite, dh-512 and some rc4 for good measure
15:27jcjulfr: that's awesome, ha ha :D
15:28ulfrI need to make a museum of tls horrors
17:45genejgmize: hate to bother you again. Any chance you could copy paste these commands sometime today?
17:45firebotBug 1232088 REOPENED, Request for Engagement to update Infosec security auditing IAM Role and enable CloudTrail
17:45jgmizegene: looking now
17:45genejgmize: thank you =)
17:50kangulfr: waiting for sha256 to be weakened so that we can deprecate it in favor of sha-512, so that we can do this again with whatever is next =)
18:00jgmizegene: I've run the commands and there was no output; do you want me to write a script to list all the stacks in all the regions, or would you prefer to verify things on your side?
18:01geneNo need, I'll verify on my side, thank you for running them! No output is a good sign
18 Mar 2017
No messages
Last message: 6 days and 13 hours ago