When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

SSL defeated in IE and Konqueror

thanks prasanth from our BPN Forum

A colossal stuff-up in Microsoft's and KDE's implementation of SSL (Secure Sockets Layer) certificate handling makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse hapless Konqueror and Internet Explorer users with impunity.

In more detail, we have a certificate chain issue discovered by Mike Benham of thoughtcrime.org. A chain is formed when an intermediate certificate is trusted between server and client. Supposedly, the intermediate is accepted only if it's signed by the certificate authority as safe for the purpose. If it's merely signed by another certificate's key, it ought not to be trusted, or at least the user should be warned. Unfortunately, due to a preposterous security engineering oversight, IE and Konqueror don't bother to check this, so if a tricky site owner signs an intermediate cert with another valid cert, users will be none the wiser

News source: The Reg

View: The Full Stroy

Report a problem with article
Next Article

Slipstreaming Office Updates to CD

Previous Article

Creative WebCam Drivers (PD1001 only)