Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix …

I’ve seen some great exploits published over the past few hours but, just a reminder, the sky is not falling in just yet…:

[…] One proof-of-concept code sample available to all is a tiny package of just 50-or-so lines of Python. Despite the ease with which the exploit is able to do its work, the author, Yolan Romailler at Swiss security shop Kudelski, said people shouldn’t panic over the network traffic eavesdropping aspect of CVE-2020-0601: a snoop has to be able to intercept your connections.

“In the end, please keep in mind that such a vulnerability is not at risk of being exploited by script kiddies or ransomware,” notes Romailler in his detailed write-up of the bug.


Original article here