Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE and Konqueror Bug Makes SSL Insecure

Posted by CmdrTaco on Monday August 12, 2002 @02:41AM from the well-doesn't-that-suck dept.

Spad writes "The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't both to check the issuer of this intermediate cert making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside or you can wait to next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo bastian for the blazing fast fix (95 minutes since it was reported).

3 of 443 comments (clear)

Min score:

Reason:

Sort:

The Race is on... by psychofox · 2002-08-12 02:55 · Score: 0, Redundant

This should be interesting:
An identical flaw in a piece of Microsoft and a piece of Open Source software...
I wonder which will be fixed first?
And so M$ issues another security+DRM patch by surprise_audit · 2002-08-12 05:04 · Score: 0, Redundant

Will anyone here be surprised if the 'patch' for this little lapse of concentration is 100's of Kb big and replaces several dll's that tighten the DRM chokehold just a little bit more. While also fixing the SSL cert problem, of course... :)
Oh, and while we're being sceptical, the click-through EULA for downloading and/or installing the patch will probably mutate yet again, either subtly or not-so-subtly to move M$ ever further from responsibility for software that's "so badly written it's a National Security issue", while at the same time tightening the monopoly screws even tighter.
re: IE and Konqueror Bug by vanlomez · 2002-08-12 05:51 · Score: 0, Redundant

...that's why I use Gnome w/ Opera :)