Slashdot Mirror


Do the SSL Watchmen Watch Themselves?

StrongestLink writes "In an intriguing twist on the recent Comodo CA vulnerability discussed here last week, security researcher Mike Zusman today revealed that three days prior to StartCom's disclosure of a flaw in a Comodo reseller's registration process, he discovered and disclosed an authentication bypass flaw to StartCom in their own registration process that allowed an attacker to submit an authorized request for any domain. During a month which was marked by the continuing paradigm shift to SSL-verified holiday shopping, the Chain of Trust continues to run off the gears, and Bruce Schneier is even commenting publicly that SSL's site validation mission isn't even relevant. What lies ahead for the billion-dollar CA industry?"

3 of 171 comments

  1. Re:Let governments handle SSL by Anonymous Coward · · Score: 5, Funny

    I can't wait to see the phishing websites validated by the Nigerian government's CA.

  2. Paradigm Shift? by Zordak · · Score: 2, Funny

    Apparently somebody didn't get the memo that the only valid way to use this phrase anymore is to mock people who want to grow the enterprise by leveraging synergies.

    --

    Today's Sesame Street was brought to you by the number e.
  3. Re:Sorry to go off-topic by 93 Escort Wagon · · Score: 3, Funny

    quis custodiet ipsos custodes

    Latin for "who will watch the watchers".

    So did you know that phrase before it was used on Star Trek: TNG?

    --
    #DeleteChrome