Slashdot Mirror


IE and Konqueror Bug Makes SSL Insecure

Spad writes "The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't bother to check the issuer of this intermediate cert making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside or you can wait until next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo Bastian for the blazing fast fix (95 minutes since it was reported).

20 of 443 comments

  1. Wow... by Klerck · · Score: -1, Troll

    After all this time of blaming Microsoft for stealing code, it turns out Konqueror stole code from Microsoft. For shame.

  2. See! by Anonymous Coward · · Score: -1, Troll

    This is exactly why all you Konqueror users should be using Mozilla, or at least KMozilla.

  3. Konqueror by Anonymous Coward · · Score: -1, Troll

    What do you expect from a group of sweaty hobbyist programmers that pigheadedly insist on naming their programs in Klan-talk?

  4. Bingo by tanveer1979 · · Score: -1, Troll

    "IE and Konqueror don't bother to check the issuer of this intermediate cert making SSL in both browsers something of a joke."

    And it was caught so late! And that makes me think whether the above statement is right? If it was something very serious and obvious... then it should have been caught a long time ago.
    I wonder how many more bugs are lurking!

    --
    My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
    FB : https://www.facebook.com/TanveersPhotography
  5. Secure SSL is a joke by Anonymous Coward · · Score: 0, Troll

    with names displayed in a font in which capital-I and lower-case-l look the same, do you accept this certificate from lnteI?

  6. Klan-talk? by Anonymous Coward · · Score: -1, Troll

    What the hell is "Klan-talk"?

    1. Re:Klan-talk? by Anonymous Coward · · Score: -1, Troll

      Spelling words with a k, you klan kunt.

  7. Re:And... by Anonymous Coward · · Score: -1, Troll

    Mozilla isn't the core of Konqueror. The KDE folks made their own thing, duplicating the effort of others rather than combining their efforts... This *is* open sores software, after all.

  8. Shut up you fag. by Anonymous Coward · · Score: -1, Troll

    Since trollaxor.com is gone, you feel the need to spread your unique brand of faggotry back to Slashdot. The only good thing about Trollaxor.com is that it kept queers like you away.

    Go away, you are scum.

  9. humm.. by Anonymous Coward · · Score: -1, Troll

    OK, what is so insecure here? Most sites use SSL to just encrypt the damn stream so sniffers will see garbage.

  10. How long have the blackhats known? by Jeppe Salvesen · · Score: 1, Troll

    Really - wouldn't this sort of vulnerability be possible to extract by listening intently to the https behavior?

    And is this OpenSSL-wide? Is that what Konqueror uses? And - how could this vulnerability exist in an open source library?

    --

    Stop the brainwash

  11. I wonder... by Anonymous Coward · · Score: -1, Troll

    ...who stole code from the other guy?

  12. The real bug is... by stienman · · Score: 2, Troll

    The real insecurity is that they trust Verisign by default.

    -Adam

  13. Re:Whoah... by Anonvmous Coward · · Score: 2, Troll

    "Konqueror != Linux, unlike IE which IS part of Windows (see Microsoft's own testimony in the antitrust trial)."

    It still comes with KDE. Now, to be fair, it's not as interconnected as say Outlook is to IE. However, SSL is a typical browsing mode that has to be secure. Just because the problem exists, it isn't any more a vulnerability to Windows than Konqueror is to Linux.

    However, that is far from the point I was making. The point I was making was that security on any OS or browser is a myth. Switching to Linux doesn't make your computer more secure, it makes it more obscure.

    The only reason that hasn't harshly been demonstrated yet is that Linux users are few and far between compared to Windows or even Mac users. So Windows bears the most of the brunt of the effort put into taking it down. Trust me, if/when Linux has its day, it'll have its share of security related issues as well. I don't care if you disagree with me on that point or not. However, you're not doing yourself any harm by treating your computer as though it is vulnerable, and take sensible precautions.

  14. Re:testing Moz 0.9.4 doesn't qualify as a test by Shimbo · · Score: 0, Troll

    Testing Moz 0.9.4 doesn't qualify as a test.

    I see; and testing IE5 and IE5.5 is different how? I expected he tested the version that happened to be installed. You would only have to be running, say SuSE 7.3 (only one version behind the current) to have Mozilla 0.9.4 pre-installed.

  15. Re:On my opinion it's not a bug - it's a feature! by Anonymous Coward · · Score: -1, Troll

    Reality check: people do not use [their brains] to check grammar and spelling validity. They use [their brains] to stop the flow of fecal matter through their digestive systems. Removing one's head from the lateral position in said digestive system is a much more remote possibility than having good grammar, spelling, and coherent ideas.

    People that didn't remove their head from their ass are getting what they ought to.

  16. Re:Whoah... by Anonymous Coward · · Score: -1, Troll

    Oh why don't you shut up you wuss!

  17. Re:funny... by Anonymous Coward · · Score: -1, Troll

    I find it refreshing to see YOU for the POS that YOU are.

  18. Re:Whoah... by Anonvmous Coward · · Score: 0, Troll

    "Oh why don't you shut up you wuss!"

    What's the matter? Don't have a counterpoint so ya want me to shut up?

  19. Re:Well I see /. says a "fix" is available now... by talks_to_birds · · Score: 0, Troll

    M$ pimp..

    t_t_b

    --
    I'm on PJ's "enemies" list! Are you?