One can certainly applaud the fact they are discussing this publicly
- but - what they have done is totally a no no (would sound like a no
brainer if you ask me) no matter how much subsequent damage control
you do.
Wrt Mozilla, I strongly feel there is very little point in waiting for
any
On 02/11/2012 11:16 AM, Martin Smith wrote:
Trustwave CA /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
This company has publicly admitted purposefully supplying a
subordinate CA to a company forn the purpose of MITM attacks, by
generating SSL certificates on the fly See
Package: ca-certificates
Version: 20090814+nmu3squeeze1
Severity: important
Trustwave CA
/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
This company has publicly admitted purposefully supplying a subordinate CA to a
company forn the purpose of MITM attacks, by generating SSL certificates
3 matches
Mail list logo
