Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Patents Encryption

Intuit Beats SSL Patent Troll That Defeated Newegg 59

Last fall, Newegg lost a case against patent troll TQP for using SSL with RC4, despite arguments from Diffie of Diffie-Hellman key exchange. Intuit was also targeted by a lawsuit for infringing the same patent, and they were found not to be infringing. mpicpp (3454017) sends this excerpt from Ars: U.S. Circuit Judge William Bryson, sitting "by designation" in the Eastern District of Texas, has found in a summary judgment ruling (PDF) that the patent, owned by TQP Development, is not infringed by the two defendants remaining in the case, Intuit Corp. and Hertz Corp. In a separate ruling (PDF), Bryson rejected Intuit's arguments that the patent was invalid. Not a complete victory (a clearly bogus patent is still not invalidated), but it's a start.
This discussion has been archived. No new comments can be posted.

Intuit Beats SSL Patent Troll That Defeated Newegg

Comments Filter:
  • Re:WAT (Score:2, Informative)

    by Anonymous Coward on Thursday June 26, 2014 @10:39AM (#47324247)

    It is not of high quality.

    http://en.wikipedia.org/wiki/RC4#Security

    http://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628

    http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

    https://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html

    http://www.networkworld.com/article/2164421/security/potential-weakness-in-ssl-tls-security-downplayed-by-certificate-group.html

  • Re:WAT (Score:5, Informative)

    by SJ2000 ( 1128057 ) on Thursday June 26, 2014 @11:43AM (#47324869) Homepage
    Yes you can. There are many types of cryptographic weakness (Eg: an attack that reduces the effective key space) but specifically regarding RC4, there are weaknesses [uconn.edu] which make it difficult to use properly in common scenarios.

Real Users never know what they want, but they always know when your program doesn't deliver it.

Working...