IE and Konqueror Bug Makes SSL Insecure 452
Spad writes "The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't both to check the issuer of this intermediate cert making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside or you can wait to next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo bastian for the blazing fast fix (95 minutes since it was reported).
Sounds like a feature to me! (Score:4, Funny)
Little did I know, the answer was right in front of me, in the form of the one Verisign certificate I shelled out the cash for :-)
Security. (Score:2, Funny)
And here I was assuming that a fine MS product like Internet Explorer would embody the rock-solid security I've come to expect from the fellows in Redmond.
For shame, for shame.
--saint
Not surprising (Score:2, Funny)
After all, Konqueror is clearly a clone of IE (think about it: explorer vs. conqueror, both are file-managers cum web browsers, etc.). This is just a demonstration of how well the KDE people can emulate MS.
Re:Huh? (Score:2, Funny)
Now, in L33T SP34K:
1E 4ND KoNKw3R0r d0n'T BO+her tO cHeCK Th3 1$Su3r 0f +h15 iNTERmEdi@+E cEr+1PHiC4+3, M4K1nG 55l iN BO+h BR0w5ERS 5OMe+hIN9 0F @ JoK3.
Anyone up for Swedish Chef'ing this?
Damn. (Score:5, Funny)
This is just rediculous. Why are they taking so long? I don't have all day.
Seriously though, with a long list of IE bugs still outstanding and Microsoft blaming Verisign, rather than fixing their software, I'll bet that KDE has a fix a month or more before MS.
Re:Huh? (Score:1, Funny)
All your kardz are belong to us.
Re:SSL is insecure? (Score:1, Funny)
Is "nit-picky" supposed to be hyphenated?
A joke (Score:5, Funny)
Re:Start Timing... (Score:3, Funny)
1 year: most Linux/BSD users get around to updating"
You forgot:
7 months: security people figure out that MSIE patch doesn't work, MSFT denies it.
9 months: microsoft releases new patch
18 months: IE users finally are patched