Oh, so it is those green colored SSL sites in the url bar... I should have
guessed but the article did not provide much clue. B-(

On Thu, Jul 23, 2009 at 2:06 PM, Darin McGee <da...@basehex.com> wrote:

> This was reported months ago in the news, no real threat as Francois
> said.
>
> EV certs are used for "extended validation" that means the company that
> is issued the cert is further investigated and confirmed to be
> trustworthy. This cert also turns the URL bar green in IE.
>
> Really nothing but a BIG rip off by the issuers of the certs.  These
> certs cost a lot more than normal certs.
>
> -----Original Message-----
> From: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org]
> On Behalf Of Arno Garrels
> Sent: Thursday, July 23, 2009 3:15 AM
> To: ICS support mailing
> Subject: Re: [twsocket] OT: SSL is now cracked by researchers!
>
> Fastream Technologies wrote:
> > Hello,
> >
> > Glad that it interested you..! Anyway, I wonder if ICS TSslHttpCli
> > uses EV SSL certs and whether it is vulnerable.
>
> Never heard of EV certificates. As I read the article it's some kind
> of "man in the middle" attack downgrading a secure to a plain text
> connection and spoofing some security indicators like the yellow lock
> icon in browsers. Detecting "man in the middle" attacks is possible
> with ICS-SSL however not a built-in feature. The application developer
> is responsible to handle this properly. Method PostConnectionCheck()
> provides easy detection of such attacks, have look at the HTTP client
> demo.
>
> --
> Arno Garrels
>
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4269 (20090723) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4269 (20090723) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to