| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 5/25 |
| 2003/5/10-11 [Computer/SW/WWW/Server] UID:28395 Activity:nil |
5/9 SSL Common name verification bug in Safari (don't use it with SSL
sites): http://www.secunia.com/advisories/8756 |
| www.secunia.com/advisories/8756 -> secunia.com/advisories/8756 This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website. The authenticity part is completely broken when the Common Name isn't verified, since the user can't know if he is communicating with the host in the address bar. Exploitation of this requires that a malicious person is able to perform DNS spoofing (eg. |