Slashdot Mirror


IE and Konqueror Bug Makes SSL Insecure

Spad writes "The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't both to check the issuer of this intermediate cert making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside or you can wait to next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo bastian for the blazing fast fix (95 minutes since it was reported).

3 of 443 comments (clear)

  1. Sounds like a feature to me! by Nonesuch · · Score: 4, Funny
    I've been looking for a way to issue new "trusted" certificates for my web sites without having to pay big bucks to Verisign.

    Little did I know, the answer was right in front of me, in the form of the one Verisign certificate I shelled out the cash for :-)

  2. Damn. by FreeLinux · · Score: 5, Funny

    It's been 20 minutes now and KDE doesn't have the fix up yet.

    This is just rediculous. Why are they taking so long? I don't have all day. ;)

    Seriously though, with a long list of IE bugs still outstanding and Microsoft blaming Verisign, rather than fixing their software, I'll bet that KDE has a fix a month or more before MS.

  3. Re:Start Timing... by Jucius+Maximus · · Score: 3, Funny
    "6 months: most MSIE users have the security update
    1 year: most Linux/BSD users get around to updating"

    You forgot:

    7 months: security people figure out that MSIE patch doesn't work, MSFT denies it.

    9 months: microsoft releases new patch

    18 months: IE users finally are patched