Quote:
Originally Posted by Geco
You're right, murg, but they also show a low level of security, regardless of Heartbleed itself.
Compare it with, say, https://rubygems.org that is anyway a 'free' site, we have a class 'F' security of Kobo against a class 'C' security of rubygems.
The major reason for the markdown seems to be due to allowing the use of insecure renegotiation opening the way for man in the middle attacks. Another reason for avoiding public networks for secure transactions. It would be better for Kobo to configure their servers in strict mode but there is a good chance of having issues with some systems.
I did find your worrying about Heartbleed on the Kobo site a bit odd in light of the final portion of the report -- as far as I know, no version of Microsoft's IIS uses the OpenSSL code and so would not be vulnerable to the Heartbleed bug.
Regards,
David