Potential Security Concerns, Issues With aa.com, Apps (consolidated)
#17
Moderator: American AAdvantage




Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT EXP; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
Hostile, snarky posts have been deleted. Please familiarize yourselves with the Rules, particularly:
/Moderator
Abusive Or Disruptive Behavior Or Content
12.1 Friendly, Respectful and Welcoming
FlyerTalk is a community and is intended to be a friendly, helpful and collegial place.
Please post in a friendly, respectful, welcoming manner. 'Snarky,' unfriendly posts will not be allowed. If you don't have something constructive to contribute to a thread, please do not post.
Unhelpful posts, such as "Do a search" or those that merely comment on the worthiness of others' posts or threads are neither friendly nor welcoming and will not be allowed. If you can't be helpful or contribute substantive content to a thread, please refrain from posting.
#18


Join Date: Apr 2011
Programs: AAdvantage (Platinum)
Posts: 536
aa.com's use of the dated/weak/insecure RC4 has been discussed in the thread about website outages (and how web browsers will drop support for RC4, which can prevent use of aa.com because the website doesn't support/offer anything else besides RC4).
I sent a msg to webserves about it and only got a boilerplate statement saying their site is secure and offering an explanation of what SSL is. I reiterated my points in a reply and never heard from them again.
The frontend webservers are run by Akamai, and I'm both surprised and disappointed that a company dedicated to the running of websites can do such a poor job. However, people I know who've either worked for Akamai or dealt with them as a customer/client had only bad things to say about the company.
#19
Suspended
Join Date: Nov 2010
Posts: 1,677
The only thing that I can figure out is that they leave RC4 there on purpose because there are certain large countries like Africa and Brazil that still use it. So they don't want to risk losing a sale. But for Pete's sake, the year is almost 2016 and the RC4 cypher isn't very good!
#23
Suspended
Join Date: Nov 2010
Posts: 1,677

