Hacker News new | ask | show | jobs
by _phred 4848 days ago
So as a sort-of-amusing counterpoint to this article, I know at least one ASV who insists that the only way to mitigate BEAST is to disable all ciphers but RC4. Still scratching my head on that one.

That tool you posted is great, hugely helpful for anyone who has to deal with this stuff.
1 comments
tptacek 4848 days ago
This is a pretty good illustration of why professional appsec people don't like PCI.
link