WARNING: Konqueror (and IE) SSL Bug Reported
From a Slashdot article dated Monday August 12th. at
http://slashdot.org/article.pl?sid=02/08/12/1341239&mode=thread&tid=172
"The Register reports that IE and Konqueror both have a bug
that allows anyone with a legit Verisign SSL certificate to
issue a 'legit' certificate for a 3rd party site. IE and
Konqueror don't both to check the issuer of this intermediate
cert making SSL in both browsers something of a joke".
Update by Hetz: if you're using KDE from CVS, the fix is
inside or you can wait to next week for KDE 3.0.3 (which
will have more fixes for KDE 3.0). Thanks to Waldo Bastian
for the blazing fast fix (95 minutes since it was reported).
Just thought folks might appreciate a heads-up on this.
The impact is that a Bad Site can create a server certificate that
appears to have been duly certified as valid by a trusted CA, when in
fact the certificate is bogus. The bug is that affected browsers
don't check the CA's trusted status properly.
Full marks to the Konqueror team for such a fast response.
KDE 3.0.3 huh ? Any hero producing debs ? Chris ?
Cheers
Nick Boyce
Bristol, UK
--
Boycott Amazon till they relent on the 1-click software patent
- http://www.gnu.org/philosophy/amazon.html
Reply to: