Duane wrote:
Ian G wrote:
http://www.techworld.com/security/news/index.cfm?NewsID=3468
SSL 'security' aiding online fraud
Considering the "experts" giving these claims are trying to sell more
expensive certs, I'm going to take it with a grain of salt until more
attacks hitting my inbox really do start using SSL, so far the only
Yes, I know. And, literally, they confuse the
issue by talking about unvalidated security threats
without talking about the validated threats.
But I found the title quite apropos; the browser
doesn't defend against control certs just like it
doesn't defend against phishing, and the solution
for both threats is the same.
person that I know to unequivocally to state (that is without a
blatantly obvious ulterior motive) an attack used an SSL cert was you.
Blush ;) I wish I'd recorded the evidence now, I
didn't think it would be such a rare event at the
time, I honestly thought that we were about to see
a rash of attacks using false or stolen certs. Oh
well, maybe next time.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
