Re: IE https certificate attack

From: Geoff Joy (geoffat_private)
Date: Wed Dec 26 2001 - 18:00:09 PST

Next message: Richard M. Smith: "Too much misleading advice on the Universal Plug-and-Play security hole"

Previous message: The Death: "RE: IE https certificate attack"
In reply to: e-matters GmbH - Securityteam: "Re: IE https certificate attack"
Next in thread: Przemyslaw Frasunek: "Re: IE https certificate attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Internet Explorer 6.0.2600.0000 with the latest Critical Updates
including Q306121; Q312461; Q313675 is VULNERABLE.

Tested in Windows 2000 Professional 5.0.2195 SP2:
                Patch Found     MS00-077        Q299796
                Patch Found     MS00-079        Q276471
                Patch Found     MS01-007        Q285851
                Patch Found     MS01-013        Q285156
                NOTE            MS01-022        Q296441
                Patch Found     MS01-025        Q296185
                Patch Found     MS01-031        Q299553
                Patch Found     MS01-037        Q302755
                Patch Found     MS01-041        Q298012
                Patch Found     MS01-043        Q303984
                Patch Found     MS01-046        Q252795



Manually checking the certificate reveals that the domain issued to
the certificate does not match the domain of the web site.

Next message: Richard M. Smith: "Too much misleading advice on the Universal Plug-and-Play security hole"
Previous message: The Death: "RE: IE https certificate attack"
In reply to: e-matters GmbH - Securityteam: "Re: IE https certificate attack"
Next in thread: Przemyslaw Frasunek: "Re: IE https certificate attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 26 2001 - 18:14:16 PST