IE and Konqueror Bug Makes SSL Insecure
Spad writes "The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't bother to check the issuer of this intermediate cert, making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside, or you can wait until next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo Bastian for the blazing fast fix (95 minutes since it was reported).
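The missing check described in the summary, as an added example that is not part of the original story or either browser's code: a toy chain validator in which an HMAC stands in for a real signature and `is_ca` models the X.509 basicConstraints CA flag. All names and keys are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool      # models the X.509 basicConstraints CA flag (assumption of this toy model)
    sig: bytes = b""

# Constructed toy keys; an HMAC stands in for a public-key signature.
KEYS = {"Root CA": b"root-key", "shop.example": b"shop-key"}

def tbs(cert):
    """Bytes covered by the signature."""
    return f"{cert.subject}|{cert.issuer}|{cert.is_ca}".encode()

def issue(issuer_name, subject, is_ca):
    cert = Cert(subject, issuer_name, is_ca)
    cert.sig = hmac.new(KEYS[issuer_name], tbs(cert), hashlib.sha256).digest()
    return cert

def signature_ok(cert, issuer_cert):
    expected = hmac.new(KEYS[issuer_cert.subject], tbs(cert), hashlib.sha256).digest()
    return cert.issuer == issuer_cert.subject and hmac.compare_digest(cert.sig, expected)

def validate(chain, trusted_root, check_ca_flag):
    """chain is ordered leaf first; its last entry must be issued by trusted_root."""
    issuers = chain[1:] + [trusted_root]
    for cert, issuer_cert in zip(chain, issuers):
        if not signature_ok(cert, issuer_cert):
            return False
        # The check the summary says was skipped: is the issuer allowed to issue at all?
        if check_ca_flag and not issuer_cert.is_ca:
            return False
    return True

ROOT = issue("Root CA", "Root CA", True)
SHOP = issue("Root CA", "shop.example", False)        # ordinary site certificate
OTHER = issue("shop.example", "bank.example", False)  # "issued" by a non-CA certificate

if __name__ == "__main__":
    print("signatures only:", validate([OTHER, SHOP], ROOT, check_ca_flag=False))
    print("with CA check:  ", validate([OTHER, SHOP], ROOT, check_ca_flag=True))
    print("normal chain:   ", validate([SHOP], ROOT, check_ca_flag=True))
```

Every signature in the second chain verifies, so only the issuer check separates it from a legitimate one.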
After all this time of blaming Microsoft for stealing code, it turns out Konqueror stole code from Microsoft. For shame.
This is exactly why all you Konqueror users should be using Mozilla, or at least KMozilla.
What do you expect from a group of sweaty hobbyist programmers that pigheadedly insist on naming their programs in Klan-talk?
"IE and Konqueror don't bother to check the issuer of this intermediate cert, making SSL in both browsers something of a joke."
And it was caught so late! And that makes me think whether the above statement is right? If it was something very serious and obvious... then it should have been caught a long time ago.
I wonder how many more bugs are lurking!
with names displayed in a font in which capital-I and lower-case-l look the same, do you accept this certificate from lnteI?
What the hell is "Klan-talk"?
Mozilla isn't the core of Konqueror. The KDE folks made their own thing, duplicating the effort of others rather than combining their efforts... This *is* open sores software, after all.
Since trollaxor.com is gone, you feel the need to spread your unique brand of faggotry back to Slashdot. The only good thing about Trollaxor.com is that it kept queers like you away.
Go away, you are scum.
Ok, what is so insecure here? Most sites use SSL to just encrypt the damn stream so sniffers will see garbage.
Really - wouldn't this sort of vulnerability be possible to extract by listening intently to the https behavior?
And is this OpenSSL-wide? Is that what Konqueror uses? And - how could this vulnerability exist in an open source library?
Stop the brainwash
The real insecurity is that they trust Verisign by default.
-Adam
"Konqueror != Linux, unlike IE which IS part of Windows (see Microsoft's own testimony in the antitrust trial)."
It still comes with KDE. Now, to be fair, it's not as interconnected as, say, Outlook is to IE. However, SSL is a typical browsing mode that has to be secure. Just because the problem exists, it isn't any more a vulnerability to Windows than Konqueror is to Linux.
However, that is far from the point I was making. The point I was making was that security on any OS or browser is a myth. Switching to Linux doesn't make your computer more secure, it makes it more obscure.
The only reason that hasn't harshly been demonstrated yet is that Linux users are few and far between compared to Windows or even Mac users. So Windows bears most of the brunt of the effort put into taking it down. Trust me, if/when Linux has its day, it'll have its share of security-related issues as well. I don't care if you disagree with me on that point or not. However, you're not doing yourself any harm by treating your computer as though it is vulnerable, and taking sensible precautions.
I see; and testing IE5 and IE5.5 is different how? I expected he tested the version that happened to be installed. You would only have to be running, say SuSe 7.3 (only one version behind the current) to have Mozilla 0.9.4 pre-installed.
Reality check: people do not use [their brains] to check grammar and spelling validity. They use [their brains] to stop the flow of fecal matter through their digestive systems. Removing one's head from the lateral position in said digestive system is a much more remote possibility than having good grammar, spelling, and coherent ideas.
People that didn't remove their head from their ass are getting what they ought to.
Oh why don't you shut up you wuss!
I find it refreshing to see YOU for the POS that YOU are.
"Oh why don't you shut up you wuss!"
What's the matter? Don't have a counterpoint so ya want me to shut up?
t_t_b
I'm on PJ's "enemies" list! Are you?