Wietse Venema put forth on 3/7/2011 2:08 PM: > CERT/CC announces a flaw today in multiple STARTTLS implementations. > This problem was silently fixed in Postfix 2.8 and 2.9. Updates > for Postfix 2.[4-7] are made available via the usual channels.
Nice catch Wietse! Normally I'd follow that with "nice save", but, unfortunately... It is so darn easy for miscreants to phish account credentials from Joe/Jane sixpack that I doubt [m]any would even bother trying to exploit this STARTTLS flaw--much lower ROI than phishing. Code up a fix for the Joe/Jane sixpack flaw and the world's citizens will commission a bronze statue in your honor. -- Stan
