‘F’ for FAIL: Despite warnings, telco is yet to upgrade from RC4 suites. More than six months since The Register reported that Virgin Media had failed to move away from weak encryption software used on sensitive areas of its website – the ISP is yet to hit the upgrade button. In March, we flagged up security concerns to the Liberty Global-owned firm by pointing out that the RC4 stream cipher used by VM was having its life support cut off by the likes of Mozilla. Since then, the crypto algorithm’s death warrant has been signed by browser makers who have said that they will no longer connect to the insecure cipher come early next year.
View full story