Re: IE https certificate attack

From: Diego M. Vadell (dvadellat_private)
Date: Tue Dec 25 2001 - 11:12:25 PST

    Hi,
    	Just FYI, I did get a warning as soon as I entered http://suspekt.org/ with Konqueror from KDE3beta1.
    
    "The Ip address of the host supekt.org does not match the one the certificate was issued to."
    
    	Diego.
    
    On Tue, 25 Dec 2001 16:14:39 +0100
    "Przemyslaw Frasunek" <venglinat_private> wrote:
    
    > On Saturday 22 December 2001 15:37, security@e-matters.de wrote:
    > >    A proof of concept webpage was put up at http://suspekt.org. Clicking
    > >    onto the "To the secure page..." link will send your browser to
    > >    https://suspekt.org without IE warning you that the certificate was not
    > >    issued onto that server.
    > 
    > Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also 
    > vulnerable. I've got no warning when entering on this page. I've tested it 
    > also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the 
    > same result. 
    > 
    > -- 
    > * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    > * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
    



    This archive was generated by hypermail 2b30 : Tue Dec 25 2001 - 19:17:40 PST