Re: IE https certificate attack

From: Donald King (donald_kingat_private)
Date: Wed Dec 26 2001 - 10:32:15 PST

    On Sat 22 Dec 2001 08:37, security@e-matters.de wrote:
      [Snip]
    >    A flaw in Microsoft Internet Explorer allows an attacker to perform
    >    a SSL Man-In-The-Middle attack without the majority of users
    >    recognising it. In fact the only way to detect the attack is to manually
    >    compare the server name with the name stored in the certificate.
    >
      [Snip]
    
    I have confirmed the following on my own system:
     * Konqueror 2.1 is VULNERABLE;
     * Mozilla 0.9.6 is not vulnerable;
     * Netscape 4.75 is not vulnerable.
    
    -- 
    Donald King, a.k.a. Chronos Tachyon
    http://chronos.dyndns.org/ -- WWED?
    Guardian of Eristic Paraphernalia
    Gatekeeper of the Region of Thud
     12:17pm  up 59 days, 16:03,  1 user,  load average: 0.13, 0.13, 0.09
    


