24th March 2011
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
|
|
SSL meltdown forces browser developers to update
From http://www.h-online.com/security/new...e-1213358.html
Quote:
According to Tor developer Jacob Appelbaum and a blog posting by the Mozilla Foundation, the Comodo SSL Certification Authority may have been compromised. As a consequence, criminals apparently obtained nine certificates for web sites that already existed, including addons.mozilla.org. There is no official statement on whether the situation was caused by insufficient checks during the certification process or by a breach of Comodo's infrastructure.
However, what initially appeared to be a problem for Comodo is now forcing browser developers to take counter measures and release updates. Otherwise, criminals could, for example, redirect users to a bogus Firefox plug-in page and offer them infected add-ons to install – as the page would possess a valid server certificate for addons.mozilla.org, users would be unaware, and Firefox wouldn't issue an alert. Similar attacks on online banking sites are also conceivable.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|