From: Alejandro Dubrovsky (s328940@student.uq.edu.au)
Date: Wed Aug 14 2002 - 23:05:43 MDT
On Thu, 2002-08-15 at 13:05, Emlyn O'regan wrote:
> Here's the top part of a confused warning email that I received about this
> bug (first bringing it to my attention):
>
> ----
> FYI you online shoppers (Windows XP is not vulnerable to this exploit)
>
> SSL defeated in IE and Konqueror
> By Thomas C Greene in Washington
> Posted: 12/08/2002 at 06:38 GMT
>
> A colossal stuff-up in Microsoft's and KDE's implementation of SSL (Secure
> Sockets Layer) certificate handling makes it possible for anyone with a
> valid VeriSign SSL site certificate to forge any other VeriSign SSL site
> certificate, and abuse hapless Konqueror and Internet Explorer users with
> impunity.
> ----
Konqueror has already been fixed on CVS (or so i've heard).
alejandro
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:07 MST