I usually complain when some site uses RC4 and I can't access it, but unlike the OP I don't do that via Twitter (one reason is that I don't even have an account there).
I've sent 2 emails regarding the use of ONLY RC4 on payment sites in my country, and although such emails aren't always acknowledged they did get fixed after I CC-ed their PCI auditors [1] :)
It was, part of it. RC4 had a CVE score below 4 (which many interpreted as an issue they could argue around, i.e. "we need to support Windows XP!"), but BEAST had a score above 4 (auto-fail). And what was the (horrible!) recommendation people got when asking how to mitigate BEAST but still let Windows XP connect? That's right: RC4.
That excuse has gone, on two counts. RC4's now thoroughly toast, and Windows XP's unsupported - and now finds itself without any secure ciphers at all.
Not long now. I think that will mostly depend on whether they give the issues a name and a logo! <g> (Seriously though, that does seem to get people off their arses!)
You might want to get ready to change passwords for sites that have used RC4 in the past. Or, despite as much warning as anyone can give, are inexplicably still using it.
[1] which you can find publicly on Visa's site at 'PCI DSS validated Member Agent Weblisting' http://www.visaeurope.com/receiving-payments/security/downlo...