Old SSL/TLS Hole Not Patched at Most Websites

Posted by JD 06/21/2011 at 17:00

There’s an old SSL/TLS security hole (from 11/2009) that has been out and patched for over a year (since 2/2010), but it appears that many major websites haven’t bothered patching it. CVE-2009-3555

The guys over at ssltls.de have a list. Seems that consistently patching is tough for many organizations. The list is pretty shocking for who is and isn’t patched. Take a look and be afraid. There are lots of big banks on the unpatched list. Scary. The list is not comprehensive, so just because your site or bank aren’t listed, doesn’t mean they are consistently patched.

  • home.americanexpress.com is patched, but
  • www.americanexpress.com cannot be confirmed as patched.

There are attacks in the wild that take advantage of this issue. I need to check whether my SSL sites are vulnerable too. Here’s an SSL checker

Finances from 2008

Posted by JD 01/03/2009 at 08:30

So, 2008 is over. Thankfully. I saw my savings drop, er, significantly. By just looking at the numbers, I did some things right and others, very wrong.

What I did wrong

  1. I didn’t get out of all stocks that lost 20% in July. I had a belief that July was the bottom and it would go up from there regardless of what others where saying and the actual ticker.
  2. I rode most of these investments down 40+ percent and still own them.
  3. I rode a single investment down 92% and sold for that loss on 12/31. The same day I sold it, it rose 4% – after I sold.
  4. In May, I didn’t take as much of my profits in international investments as I should have. I did place a limit order that was never reached to sell on the next 20% gain. It was close to selling.
  5. I ignored my rule to sell all whenever an investment drops 10% off the peak.
  6. Much of what I did wrong was due to my traveling and paying more attention to non-financial life things. Some of that wrong stuff was lucky, this time.

What I did right

  1. I rolled my 401(k) money into my IRA
  2. That cash stayed in cash until August and missed all the loses. The cause for most of this was luck – I was out of the country.
  3. In August, I started trading around my other positions, making about one trade every 2 weeks. This method takes advantage of wide swings in stock prices. In this volatile market, it worked. Very well, actually. 15% gains in 5-10 days, not bad.
  4. Because of luck and the other things, my IRA barely lost 5% this year.

The numbers

I wrote the stuff above before I pulled the actual numbers.

Account Result Notes
Taxable Investments -38.36% No major transactions except buy of CVS in Jan and pulling some living money out
Roth -10.40% No significant transactions in 2008
IRA -5.04% Traded around positions in FAST, EWZ, CSCO

These numbers are better than I thought they would be. The -38% in my taxable account was better than expected even with me taking living and travel cash out the last year.

My huge tax loss was from ACAS, which was up 14%+ on 1/2/09 and 19% for the week. Nice.