*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
Public bug reported:
Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand
the APIs when using SSL/TLS, which might cause severe man in the middle
attack and break the entire TLS mechanism.
We believe that
Public bug reported:
Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand
the APIs when using SSL/TLS, which might cause severe man in the middle
attack and break the entire TLS mechanism.
We believe that scrollz
Public bug reported:
Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand
the APIs when using SSL/TLS, which might cause severe man in the middle
attack and break the entire TLS mechanism.
We believe that
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
I am very glad to receive your responce.
We test links in Ubuntu 12.04.
thanks,
rainkin
-- 原始邮件 --
发件人: Axel Beckert;a...@debian.org;
发送时间: 2014年10月18日(星期六) 凌晨2:51
收件人: rainkin598105...@qq.com;
主题: [Bug 1381936] Re: SSL connection is not secure in links
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
to simulate the DNS hijack
- 46.137.23.30 attacker.com
-(46.137.23.30 is a normal irc server)
-
- 2. #rainkin@rainkin:~$ epic5 rainkin attacker.com:6697:::OPN:irc-ssl
-
- 3. result : succeed!!!
-
- The fetch succeeded, indicating the software didn't check the hostname
- against
** Description changed:
Recently, our group is trying to find SSL security problems by static
analysis. When using Openssl, people tend to miss the step or to
misunderstand the APIs when using SSL/TLS, which might cause severe man
in the middle attack and break the entire TLS mechanism.
** Description changed:
Recently, our group is trying to find SSL security problems by static
analysis. When using Openssl, people tend to miss the step or to
misunderstand the APIs when using SSL/TLS, which might cause severe man
in the middle attack and break the entire TLS mechanism.
** Description changed:
Recently, our group is trying to find SSL security problems by static
analysis. When using Openssl, people tend to miss the step or to
misunderstand the APIs when using SSL/TLS, which might cause severe man
in the middle attack and break the entire TLS mechanism.
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
the software manually.
一.Hostname verification
1. change /etc/hosts in order to simulate the DNS hijack
- 46.137.23.30 attacker.com
-(46.137.23.30 is a normal irc server)
+ 46.137.23.30 attacker.com
+ (46.137.23.30 is a normal irc server)
2. #rainkin@rainkin:~$ epic4 rainkin
** Description changed:
Recently, our group is trying to find SSL security problems by static
analysis. When using Openssl, people tend to miss the step or to
misunderstand the APIs when using SSL/TLS, which might cause severe man
in the middle attack and break the entire TLS mechanism.
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using
Public bug reported:
Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand
the APIs when using SSL/TLS, which might cause severe man in the middle
attack and break the entire TLS mechanism.
We believe that xxxterm
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1376592
Title:
X509 certificate verification problem
To manage notifications about this bug
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1378617
Title:
xxxterm has SSL security problems
To manage notifications about this bug go
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1376595
Title:
X509 certificate verification problem
To manage notifications about this bug
** Description changed:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or to misunderstand the APIs when using
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
** Description changed:
- Hostname verification is an important step when verifying X509
- certificates, however, people tend to miss the step or to misunderstand
- the APIs when using SSL/TLS, which might cause severe man in the middle
- attack and break the entire TLS mechanism.
- We believe
** Description changed:
- Hostname verification is an important step when verifying X509
- certificates, however, people tend to miss the step or to misunderstand
- the APIs when using SSL/TLS, which might cause severe man in the middle
- attack and break the entire TLS mechanism.
+ Recently, we
** Description changed:
Recently, we are trying to find SSL security problems by static anaylsis.
For example, Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand the
APIs when using SSL/TLS, which might
** Description changed:
Recently, we are trying to find SSL security problems by static anaylsis.
For example, Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand the
APIs when using SSL/TLS, which might
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static anaylsis.
For example, Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to
** Description changed:
Recently, we are trying to find SSL security problems by static anaylsis.
For example, Hostname verification is an important step when verifying X509
certificates, however, people tend to miss the step or to misunderstand the
APIs when using SSL/TLS, which might
** Description changed:
- Hostname verification is an important step when verifying X509
- certificates, however, people tend to miss the step or to misunderstand
- the APIs when using SSL/TLS, which might cause severe man in the middle
- attack and break the entire TLS mechanism.
+ Recently, we
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1380304
Title:
perdition have some SSL security problems
To manage notifications
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
is a normal irc server)
+
+ 2. #rainkin@rainkin:~$ epic5 rainkin attacker.com:6697:::OPN:irc-ssl
+
+ 3. result : succeed!!!
+
+ The fetch succeeded, indicating the software didn't check the hostname
+ against the signee of the certificate.
+
+ 二. Also for expired time check,
+ 1. change
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
the software manually.
一.Hostname verification
1. change /etc/hosts in order to simulate the DNS hijack
46.137.23.30 attacker.com
(46.137.23.30 is a normal irc server)
2. #rainkin@rainkin:~$ epic4 rainkin attacker.com:6697:::OPN:irc-ssl
3. result : succeed!!!
The fetch succeeded
** Attachment added: wireshark ssl conneting packages
https://bugs.launchpad.net/ubuntu/+source/dma/+bug/1380458/+attachment/4233649/+files/dma.zip
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
*** This bug is a security vulnerability ***
Public security bug reported:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or
** Description changed:
Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or to misunderstand the APIs when using
48 matches
Mail list logo
