Berkeley CSUA MOTD:Entry 29473
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2024/12/25 [General] UID:1000 Activity:popular
12/25   

2003/8/26-27 [Uncategorized] UID:29473 Activity:nil
8/26    A while ago someone posted on motd an url saying that Safari does
        not validate common name fields.  Has this been resolved?  I kept
        up with most Safari updates but never seen this been addressed in
        a release note.  url please.  ok tnx.
        \_ fixed.  http://www.secunia.com/advisories/8756
Cache (357 bytes)
www.secunia.com/advisories/8756 -> secunia.com/advisories/8756
This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website. The authenticity part is completely broken when the Common Name isn't verified, since the user can't know if he is communicating with the host in the address bar. Exploitation of this requires that a malicious person is able to perform DNS spoofing (eg.