RE: Major IE SSL Vulnerability?

From: Alejandro Dubrovsky (s328940@student.uq.edu.au)
Date: Wed Aug 14 2002 - 23:05:43 MDT

• Next message: John K Clark: "Re: globalization of fear"
• Previous message: John K Clark: "Re: globalization of fear"
• In reply to: Emlyn O'regan: "RE: Major IE SSL Vulnerability?"
• Next in thread: Peter Amstutz: "Re: Major IE SSL Vulnerability?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, 2002-08-15 at 13:05, Emlyn O'regan wrote:
> Here's the top part of a confused warning email that I received about this
> bug (first bringing it to my attention):
>
> ----
> FYI you online shoppers (Windows XP is not vulnerable to this exploit)
>
> SSL defeated in IE and Konqueror
> By Thomas C Greene in Washington
> Posted: 12/08/2002 at 06:38 GMT
>
> A colossal stuff-up in Microsoft's and KDE's implementation of SSL (Secure
> Sockets Layer) certificate handling makes it possible for anyone with a
> valid VeriSign SSL site certificate to forge any other VeriSign SSL site
> certificate, and abuse hapless Konqueror and Internet Explorer users with
> impunity.
> ----

Konqueror has already been fixed on CVS (or so i've heard).
alejandro

• Next message: John K Clark: "Re: globalization of fear"
• Previous message: John K Clark: "Re: globalization of fear"
• In reply to: Emlyn O'regan: "RE: Major IE SSL Vulnerability?"
• Next in thread: Peter Amstutz: "Re: Major IE SSL Vulnerability?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:07 MST