Tag: rc4

When it comes to online banking, sub-optimal encryption isn’t our biggest concern

Malware authors and scammers won’t attack the crypto. Under the headline “no zero-day necessary”, Xiphos has published a rather scary blog post on the state of SSL security within the UK’s finance industry. It concludes that more than 50% of UK-owned retail banks have weak SSL implementations on their online banking sites, with 14% of…

January 6, 2016
‘NOMORE’ attack makes RC4 a little weaker again

No good reason to continue using the stream cipher, yet attacks remain impractical. Researchers from the KU Leuven have presented a new attack against the RC4 stream cipher called ‘NOMORE’, which is short for Numerous Occurrence MOnitoring & Recovery Exploit. While it is really good research, and while it re-emphasises the point that the cipher…

July 20, 2015

When it comes to online banking, sub-optimal encryption isn’t our biggest concern