Is InformationWeek right? Are most all Drupal sites insecure?

yellow cloud of beautyImage by sophiea via Flickr

Personally, I think it’s just spreading FUD; but Information Week is reporting that “Just over a week ago, security researcher Mike Perry presented information at the DEFCON security conference about a vulnerability that affects many SSL-secured Web sites, including Amazon, Facebook, Gmail,, most Drupal sites, and many online merchants and banks. ”

I have no idea why Drupal would be mentioned by name in this manner, especially if it’s a problem with cookies and the SSL protocol.

Are there any Drupal core devs who would like to comment on this security issue? I’d love the write a follow-up blog post with the full story!

Reblog this post [with Zemanta]
  1. August 21, 2008
  2. August 22, 2008

Leave a Reply