[security] SL compromise

Kurt Seifried kurt at seifried.org
Wed Mar 30 18:09:58 UTC 2011


http://www.linux-magazine.com/Issues/2010/112/ATTACKS-AGAINST-SSL/(kategorie)/0

http://www.linux-magazine.com/Issues/2010/114/BREACH-OF-TRUST/(kategorie)/0

And perfectly, just today:

http://it.slashdot.org/story/11/03/30/1325230/Comodo-Says-Two-More-RAs-Compromised

So... eBay has been selling secureID tokens to eBay/PayPal customers
for $5, to secure access to your accounts for several years now, but
Comodo, who is literally selling trust, just uses a username/password?
Hell, Gmail, for free, now does two-factor authentication.

Seriously, how can you trust something like a CA when they behave this
badly/incompetently?

-Kurt

On Sun, Mar 27, 2011 at 2:54 AM, James A. Donald <jamesd at echeque.com> wrote:
> On 2011-03-26 6:36 AM, Kurt Seifried wrote:
>>
>> There are some other major issues, but as far as I can tell SSL is so
>> fundamentally broken at the design and operational level it can't be
>> fixed. I wrote some articles last year but gave up tilting at
>> windmills because it was largely having no effect.
>
> Please point me to those articles.
>



-- 
Kurt Seifried
kurt at seifried.org
skype: 1-703-879-3176

