Intuit Beats SSL Patent Troll That Defeated Newegg

Last fall, Newegg lost a case against patent troll TQP for using SSL with RC4, despite arguments from Diffie of Diffie-Hellman key exchange. Intuit was also targeted by a lawsuit for infringing the same patent, and they were found not to be infringing. mpicpp (3454017) sends this excerpt from Ars: U.S. Circuit Judge William Bryson, sitting "by designation" in the Eastern District of Texas, has found in a summary judgment ruling (PDF) that the patent, owned by TQP Development, is not infringed by the two defendants remaining in the case, Intuit Corp. and Hertz Corp. In a separate ruling (PDF), Bryson rejected Intuit's arguments that the patent was invalid. Not a complete victory (a clearly bogus patent is still not invalidated), but it's a start.

Re:WAT

[Anonymous Coward]

It is not of high quality.

http://en.wikipedia.org/wiki/RC4#Security

http://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628

http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

https://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html

http://www.networkworld.com/article/2164421/security/potential-weakness-in-ssl-tls-security-downplayed-by-certificate-group.html

Re:WAT

[SJ2000]

Yes you can. There are many types of cryptographic weakness (Eg: an attack that reduces the effective key space) but specifically regarding RC4, there are weaknesses [uconn.edu] which make it difficult to use properly in common scenarios.