WARNING: Konqueror (and IE) SSL Bug Reported

To: debian-kde@lists.debian.org
Subject: WARNING: Konqueror (and IE) SSL Bug Reported
From: Nick Boyce <nick@glimmer.demon.co.uk>
Date: Tue, 13 Aug 2002 03:33:45 +0100
Message-id: <[🔎] dtrglucovpbj50r5jfo1oft1ck13gjd2e7@4ax.com>

From a Slashdot article dated Monday August 12th. at
http://slashdot.org/article.pl?sid=02/08/12/1341239&mode=thread&tid=172


  "The Register reports that IE and Konqueror both have a bug 
  that allows anyone with a legit Verisign SSL certificate to 
  issue a 'legit' certificate for a 3rd party site. IE and 
  Konqueror don't both to check the issuer of this intermediate 
  cert making SSL in both browsers something of a joke". 

  Update by Hetz: if you're using KDE from CVS, the fix is 
  inside or you can wait to next week for KDE 3.0.3 (which 
  will have more fixes for KDE 3.0). Thanks to Waldo Bastian 
  for the blazing fast fix (95 minutes since it was reported).


Just thought folks might appreciate a heads-up on this.

The impact is that a Bad Site can create a server certificate that
appears to have been duly certified as valid by a trusted CA, when in
fact the certificate is bogus.  The bug is that affected browsers
don't check the CA's trusted status properly.

Full marks to the Konqueror team for such a fast response.

KDE 3.0.3 huh ?   Any hero producing debs ?   Chris ?

Cheers

Nick Boyce
Bristol, UK
--
Boycott Amazon till they relent on the 1-click software patent
- http://www.gnu.org/philosophy/amazon.html

Reply to:

Prev by Date: Re: kpanel and wmapplets
Next by Date: kcontrol shows nothing on KDE3
Previous by thread: Re: Enable Desktop Menu
Next by thread: kcontrol shows nothing on KDE3
Index(es):
- Date
- Thread