|
12/25 |
2003/8/26-27 [Uncategorized] UID:29473 Activity:nil |
8/26 A while ago someone posted on motd an url saying that Safari does not validate common name fields. Has this been resolved? I kept up with most Safari updates but never seen this been addressed in a release note. url please. ok tnx. \_ fixed. http://www.secunia.com/advisories/8756 |
www.secunia.com/advisories/8756 -> secunia.com/advisories/8756 This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website. The authenticity part is completely broken when the Common Name isn't verified, since the user can't know if he is communicating with the host in the address bar. Exploitation of this requires that a malicious person is able to perform DNS spoofing (eg. |