Australia's Leading Computer Emergency Response Team

SSL (or is that Constantinople), Lockpicking and Patching
Date: 23 September 2011
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=14888

Greetings,

This week we are waiting on news that SSL/TLS has been broken. We will see tomorrow (our time) what this actually means for real-world use; however, SANS has compiled a handy list for "worse case vulnerability":

"The TLS support for browsers right now is:
IE9 TLS 1.0, 1.1, 1.2 all supported via Schannel
IE8 TLS 1.0 supported by default, 1.1 and 1.2 can be configured
Opera - 10.x supports TLS 1.0, 1.1, 1.2
Mozilla/Firefox - TLS 1.0 only
Chrome - TLS 1.0 only (though an update is rumoured)
Safari - TLS 1.0
Cell phones - various support levels"
(see: http://isc.sans.edu/diary.html?storyid=11629)

This week has also delivered updates for Adobe Flash Player, Google Chrome (two of them) and everyone's favourite tool, Wireshark.

In other news this week, the CA DigiNotar has filed for voluntary bankruptcy. If your Dutch is as good as mine, Google Translate works just fine.

Lastly, if any of you have made it to one of our two most recent AusCERT Security Conferences, you may have noticed that we had lock-picking talks, tutorials and workshops. Part of the reason is that I have been interested in lock-picking since I was in grade 7 at school. In grade 7 we all had the same type of 3-pin padlock for our lockers, and while my key would only open my lock, my best friend had a key that would open both his lock and my lock! Well... if someone had shown me this 24-part set of lock-picking videos back then, it would have saved me literally years of poking around locks and keys until I managed to pick my first lock.

Well, I hope your week was as good as my week (free pizza for lunch today!)
Richard