DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th April 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default How is SSL hopelessly broken? Let us count the ways

From http://www.theregister.co.uk/2011/04..._ssl_analysis/

Quote:
Analysis Every year or so, a crisis or three exposes deep fractures in the system that's supposed to serve as the internet's foundation of trust. In 2008, it was the devastating weakness in SSL, or secure sockets layer, certificates issued by a subsidiary of VeriSign. The following year, it was the minting of a PayPal credential that continued to fool Internet Explorer, Chrome and Safari browsers more than two months after the underlying weakness was exposed.

And in 2010, it was the mystery of a root certificate included in Mac OS X and Mozilla software that went unsolved for four days until RSA Security finally acknowledged it fathered the orphan credential.

This year, it was last month's revelation that unknown hackers broke into the servers of a reseller of Comodo, one of the world's most widely used certificate authorities, and forged documents for Google Mail and other sensitive websites. It took two, seven and eight days for the counterfeits to be blacklisted by Google Chrome, Mozilla Firefox and IE respectively, meaning users of those browsers were vulnerable to unauthorized monitoring of some of their most intimate web conversations during that time.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Xtracting Data after Fragmentation / Block Count / Partition Problems on Boot IronForge OpenBSD Installation and Upgrading 3 16th December 2010 01:09 AM
All awk's on Solaris are broken! s0xxx Solaris 1 20th January 2010 10:49 PM
hardware broken? gosha General Hardware 2 25th November 2009 08:32 AM
FreeBSD 7.2@amd64 atheros problem ath0: stuck beacon; resetting (bmiss count 4) asmo FreeBSD General 0 6th June 2009 11:02 AM
Is something broken in BSD-Gnome2 rex FreeBSD General 13 8th May 2008 02:17 PM


All times are GMT. The time now is 10:30 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick