Sweet32 Nearly a Year On: Vulnerabilities People Stop Caring About

Maybe I’m a little strange when it comes to security – for content that I care little about, I’m very lax.  My web history? Anyone can see it.  Passwords to my social media?  Eh, I don’t represent anything official, I’ll use the same one for all of them (and don’t pretend you don’t too).  But when I get to a point where security matters for me even a small bit – my credit card info, my bank account login, or my professional passwords, I get to paranoia levels of cautiousness.  You better have the most up to date SSL ciphers and every page better be HTTPS or I’m going to back out.  When working with my job’s administration to set up credentials I even get wary telling it over the phone, wondering if there might be a man-in-the-middle listening in (hint: there shouldn’t be, security is set up properly on it).

So one of the most frustrating things to me is to see how laissez-faire security blogs have treated Sweet32, a vulnerability released to the public back in August 2016.

Continue reading “Sweet32 Nearly a Year On: Vulnerabilities People Stop Caring About”