[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

WARNING: Konqueror (and IE) SSL Bug Reported

From a Slashdot article dated Monday August 12th. at

  "The Register reports that IE and Konqueror both have a bug 
  that allows anyone with a legit Verisign SSL certificate to 
  issue a 'legit' certificate for a 3rd party site. IE and 
  Konqueror don't both to check the issuer of this intermediate 
  cert making SSL in both browsers something of a joke". 

  Update by Hetz: if you're using KDE from CVS, the fix is 
  inside or you can wait to next week for KDE 3.0.3 (which 
  will have more fixes for KDE 3.0). Thanks to Waldo Bastian 
  for the blazing fast fix (95 minutes since it was reported).

Just thought folks might appreciate a heads-up on this.

The impact is that a Bad Site can create a server certificate that
appears to have been duly certified as valid by a trusted CA, when in
fact the certificate is bogus.  The bug is that affected browsers
don't check the CA's trusted status properly.

Full marks to the Konqueror team for such a fast response.

KDE 3.0.3 huh ?   Any hero producing debs ?   Chris ?


Nick Boyce
Bristol, UK
Boycott Amazon till they relent on the 1-click software patent
- http://www.gnu.org/philosophy/amazon.html

Reply to: