[urgent] HTTPS scanning makes connections vulnerable/unsecure

Dolfi

Dolfi

Banned
@ALL: if you use HTTPS scanning make sure to put your bank, Paypal, eBay, ... in 'Exclusions' (Advanced Interface --> Settings --> Network --> Exclusions - lowest line in that window) and/or disable HTTPS scanning before making any transaction or giving (very) personal/private info to a site.

@AG team:
Please check here or here (or at any other browser security test site) to see hat "Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites."
I sincerely hope you haven't been aware of that?!

IMHO it's irresponsible to weaken customer security by ignoring security standards and well known weaknesses.
This is also nothing that can "wait until v6", AGs HTTPS scanning produces a severe security hole!
 
avatar

avatar

Administrator
Staff member
Administrator
We should implement TLS 1.2 in future indeed, I've answered in the corresponding thread.

One notice though.

Big red words on that website do not mean that TLS is not secure.
There are no vulnerabilities in it and if you compare 1.0, 1.1 and 1.2, they are all pretty the same.
 
Dolfi

Dolfi

Banned
avatar said:
Big red words on that website do not mean that TLS is not secure.
Click to expand...
I am with you: A yr ago such security was nice to have. But nowadays you (IMHO) should proactively protect your customers.
Issues arise any other day.
It was at least cool, sign of a competent, engaged vendor to natively support newest technology. If websites turn that down (enough do! :( ) it's bad enough, isn't it?
 
F

FattiesGoneWild

New Member
I am kinda confused and alarmed at the same time about this. Is it safe or not to continue using AdGuard https on any website? Including banks, paypal etc.
 
You must log in or register to reply here.
Top