Oh, so it is those green colored SSL sites in the url bar... I should have guessed but the article did not provide much clue. B-(
On Thu, Jul 23, 2009 at 2:06 PM, Darin McGee <da...@basehex.com> wrote: > This was reported months ago in the news, no real threat as Francois > said. > > EV certs are used for "extended validation" that means the company that > is issued the cert is further investigated and confirmed to be > trustworthy. This cert also turns the URL bar green in IE. > > Really nothing but a BIG rip off by the issuers of the certs. These > certs cost a lot more than normal certs. > > -----Original Message----- > From: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] > On Behalf Of Arno Garrels > Sent: Thursday, July 23, 2009 3:15 AM > To: ICS support mailing > Subject: Re: [twsocket] OT: SSL is now cracked by researchers! > > Fastream Technologies wrote: > > Hello, > > > > Glad that it interested you..! Anyway, I wonder if ICS TSslHttpCli > > uses EV SSL certs and whether it is vulnerable. > > Never heard of EV certificates. As I read the article it's some kind > of "man in the middle" attack downgrading a secure to a plain text > connection and spoofing some security indicators like the yellow lock > icon in browsers. Detecting "man in the middle" attacks is possible > with ICS-SSL however not a built-in feature. The application developer > is responsible to handle this properly. Method PostConnectionCheck() > provides easy detection of such attacks, have look at the HTTP client > demo. > > -- > Arno Garrels > > > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > > > __________ Information from ESET Smart Security, version of virus > signature database 4269 (20090723) __________ > > The message was checked by ESET Smart Security. > > http://www.eset.com > > > > __________ Information from ESET Smart Security, version of virus > signature database 4269 (20090723) __________ > > The message was checked by ESET Smart Security. > > http://www.eset.com > > > > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be