Edit: the 3DS service URLs are not vulnerable to this attack; nothing to see here.
OP:
So, this was discovered a few days ago:
http://arstechnica.com/security/201...sses-tls-crypto-bites-10-percent-of-websites/
I did a quick check and Nintendo.com is apparently vulnerable to this:
https://www.ssllabs.com/ssltest/analyze.html?d=nintendo.com
... which likely means that other Nintendo related domains (including those used by the 3DS for updates/etc) are vulnerable as well.
So, I'm not 100% familiar with SSL mechanisms and HTTPS encryption in general, but it does seem as though Ninty encrypting all of their communications has been one of the numerous roadblocks this community has had to deal with. Given my lack of familiarity on the subject, I hope to pose the question to the more knowledgeable members of the community before this vulnerability is plugged: Do you think this is exploitable for us in any way?
OP:
So, this was discovered a few days ago:
http://arstechnica.com/security/201...sses-tls-crypto-bites-10-percent-of-websites/
I did a quick check and Nintendo.com is apparently vulnerable to this:
https://www.ssllabs.com/ssltest/analyze.html?d=nintendo.com
... which likely means that other Nintendo related domains (including those used by the 3DS for updates/etc) are vulnerable as well.
So, I'm not 100% familiar with SSL mechanisms and HTTPS encryption in general, but it does seem as though Ninty encrypting all of their communications has been one of the numerous roadblocks this community has had to deal with. Given my lack of familiarity on the subject, I hope to pose the question to the more knowledgeable members of the community before this vulnerability is plugged: Do you think this is exploitable for us in any way?