Summing up Let's Decrypt vulnerability
The latest vulnerability to hit Windows got us all riled up. And rightfully so – a serious bug in the code prevents proper verification of ECC (Elliptic Curve Cryptography) certificates, and it took only few hours for people to release proof of concept certificates.
So, what that means for you? If you didn't patch up your Windows, it means a lot because we're dealing here with a serious vulnerability. To explain more in depth, our CTO Bojan Ždrnja, who is also a SANS Internet Storm Center handler, forgo more than a few hours of sleep to get to the root of the problem – his ISC SANS blog post
is a great way to learn what the problem is, to see how it functions in practice, plus they made a web site
that tests if you're vulnerable or not.
So, head over to Bojan's blog to see what the commotion is and to get better understanding of a serious vulnerability that you should patch as soon as possible.