At 3:37 PM +0100 12/22/01, security@e-matters.de wrote: >Proof of Concept: > > A proof of concept webpage was put up at http://suspekt.org. Clicking > onto the "To the secure page..." link will send your browser to > https://suspekt.org without IE warning you that the certificate was not > issued onto that server. > > This is not a MIM but it has the same effect: IE will tell you a page is > secure although the certificate is illegal and its possible for a third > party (anyone who owns the given certificate) to decrypt your traffic in > realtime. I've tested the proof of concept page with both Internet Explorer 5.1.3 under Macintosh OS X 10.1.2 and Internet Explorer 5.0 under Mac OS 9.2.2. Both browsers report problems with the security certificate and prompt the user if they wish to continue. Guess the issue is only complex under Windows operating systems 8-) Kevin
This archive was generated by hypermail 2b30 : Tue Dec 25 2001 - 19:22:35 PST