F5 DROWNing, not waving, in crypto fail
If you’re an F5 BIG-IP sysadmin, get patching: there’s a bug in the company’s RSA implementation that can give an attacker access to encrypted messages. As the CVE assignment stated: “a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may…