Author Topic: USE IE...SSL is INSECURE....OOPS  (Read 1337 times)

pkd_lives

  • Member
  • **
  • Posts: 554
  • Kudos: 0
USE IE...SSL is INSECURE....OOPS
« on: 13 August 2002, 18:58 »
I am thinking that when you use a web browser, and it  claims to conform to a certain security protocol, it should not in fact remain liable to the very type of attack the security protocol is supposed to prevent.

http://digitalmass.boston.com/news/2002/08/13/security_flaw.html

Happy reading.
Tough - Adapt or die : Read The Fucking Manual.

Local Area Network in Australia: the LAN down under.


Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
USE IE...SSL is INSECURE....OOPS
« Reply #1 on: 13 August 2002, 20:10 »
quote:
http://digitalmass.boston.com/news/2002/08/13/security_flaw.html:

Security flaw found in Microsoft Web browser

By Elinor Mills Abreu, Reuters, 08/13/02  

SAN FRANCISCO

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
USE IE...SSL is INSECURE....OOPS
« Reply #2 on: 13 August 2002, 21:07 »
Too bad the same problem exists in Konqueror.  But KDE had a fix the same day the sploit was revealed.  Mozilla does not appear to have the problem.
Someone please remove this account. Thanks...

HibbeeBoy

  • Member
  • **
  • Posts: 246
  • Kudos: 0
USE IE...SSL is INSECURE....OOPS
« Reply #3 on: 13 August 2002, 21:28 »
Is this a ploy by M$ to give credibility to Palladium ? Evry f*****g day it's something.
Democracy, it's like three wolves and a sheep voting on what's for dinner.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
USE IE...SSL is INSECURE....OOPS
« Reply #4 on: 13 August 2002, 21:28 »
Someone please remove this account. Thanks...

dbl221

  • Member
  • **
  • Posts: 253
  • Kudos: 0
USE IE...SSL is INSECURE....OOPS
« Reply #5 on: 13 August 2002, 22:19 »
Oh man! I seem to recall in Interrnet Security class
THAT THIS WAS ONE OF FIRST RULES OF ANY SECURE CONNECTION.
Authentication and Autorization are beaten into your head every
day in Computer-Systems Hell...er I mean school.

I wish I could get a job where I could get paid to be
as stupid as the FuckTards at Micro$hit.
dbl221***Comp-Sys walking wounded

eXor

  • Newbie
  • *
  • Posts: 18
  • Kudos: 0
    • http://x-men.arowa.com
USE IE...SSL is INSECURE....OOPS
« Reply #6 on: 14 August 2002, 04:55 »
What about Opera 6.01 on Windows?

Is it affected by this?

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
USE IE...SSL is INSECURE....OOPS
« Reply #7 on: 14 August 2002, 05:17 »
Someone please remove this account. Thanks...

beltorak0

  • Member
  • **
  • Posts: 223
  • Kudos: 0
    • http://www.angelfire.com/realm/beltorak
USE IE...SSL is INSECURE....OOPS
« Reply #8 on: 14 August 2002, 06:28 »
i was wondering whewn this would appear in the forums;
incedentally, mozilla (addmittedly pre-1.0) appeared too buggy to support the bug.  lol.
<--- snip  http://theregister.co.uk/content/4/26620.html   snip ---->


Konqueror turned out quite vulnerable, as I mentioned above. Mozilla was not vulnerable, but I'm not sure if that's because it handled the situation properly, or is, ironically, somehow too buggy to be exploited.

<--- snip --->
With Mozilla the URL, https://www.amazon.com simply went nowhere. No cert warning, no 404, nothing. The browser simply remained on the page from which I started. The behavior was the same when I typed the URL into the address bar.

I honestly don't know if that qualifies as success or a felicitous failure; but either way Mozilla users can continue to use SSL in the mean time, while Microsoft and VeriSign are bickering and blaming each other for the problem.

<--- snip snip ---->

that was yesterday.

-t.
from Attrition.Org
 
quote:
Like many times before, Microsoft is re-inventing the wheel and opting for something other than round.

-t.


sporkme

  • Member
  • **
  • Posts: 501
  • Kudos: 149
    • http://sporkme.net/
USE IE...SSL is INSECURE....OOPS
« Reply #9 on: 14 August 2002, 06:58 »
quote:
incedentally, mozilla (addmittedly pre-1.0) appeared too buggy to support the bug. lol.


well put

SHOCK AND DISBELIEF! ie is insecure?  why, what if they have my credit card number?!?!?!  oh wait.. that isnt a problem for me...

ya this REALLY makes palladium look like the way to go, because SURELY history does not repeat itself in microsoft's FINE line of products... errrrrrrr....
just that you do not take an interest in politics does not mean that politics will not take an interest in you.  -pericles 430 b.c.

pkd_lives

  • Member
  • **
  • Posts: 554
  • Kudos: 0
USE IE...SSL is INSECURE....OOPS
« Reply #10 on: 16 August 2002, 19:56 »
Update: Konquerer released a fix, Opera 6.05 includes the fix, moxilla, no issue, netscape - unknown, IE still debating the validity of the bug.

http://www.theregister.co.uk/content/4/26714.html

Hmm. Opera may be closed source, but they certainly try to keep up to date, and appear to have no problem accepting bugs and fixing them, and I believe it is now the most standards compliant browser on the web (according to their website statement).

M$ take note, it is possible to have a good reputation and be closed source - It's called customer response.
Tough - Adapt or die : Read The Fucking Manual.

Local Area Network in Australia: the LAN down under.


voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
USE IE...SSL is INSECURE....OOPS
« Reply #11 on: 16 August 2002, 22:35 »
Or for the Linux/UNIX version of Oprah, v6.03 has the bug fixes:

http://www.opera.com/pressreleases/en/2002/08/20020816.html
Someone please remove this account. Thanks...

pkd_lives

  • Member
  • **
  • Posts: 554
  • Kudos: 0
USE IE...SSL is INSECURE....OOPS
« Reply #12 on: 16 August 2002, 23:44 »
You see that there is the problem. We are conditioned by long term use. I hate M$ (I think I may have said that before) but I keep with the bloody assumption of Windows.

I try to kick it, I'm a preacher to my family and friends for conversion (I have very very few who still use Hotmail), Calum brought me up on it a while back, and still I do it.

I think it is because M$ is so easy to use, you don't need to think when you use it, and that is a fearsomely contagious disease, and it spreads fast once you're infected.
Tough - Adapt or die : Read The Fucking Manual.

Local Area Network in Australia: the LAN down under.


voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
USE IE...SSL is INSECURE....OOPS
« Reply #13 on: 17 August 2002, 00:16 »
Well, you don't have to think when you use it as long as it's not broken, and you don't have to do anything useful.  I used DOS/Windows before I got in to UNIX (well Windows 3.0 was the latest Windows release at that time).  After learning UNIX I feel extremely hampered when using windows.  It's a severely boxed in feeling with hardened limiting borders. I to this day have not found the borders in UNIX.
Someone please remove this account. Thanks...

Doctor V

  • Member
  • **
  • Posts: 661
  • Kudos: 0
USE IE...SSL is INSECURE....OOPS
« Reply #14 on: 19 August 2002, 06:33 »
quote:
Originally posted by pkd:
You see that there is the problem. We are conditioned by long term use. I hate M$ (I think I may have said that before) but I keep with the bloody assumption of Windows.

I try to kick it, I'm a preacher to my family and friends for conversion (I have very very few who still use Hotmail), Calum brought me up on it a while back, and still I do it.

I think it is because M$ is so easy to use, you don't need to think when you use it, and that is a fearsomely contagious disease, and it spreads fast once you're infected.




You just have to try Linux.  And you have to really try.  Because when I first did, it took me about a week before I was really in the swing of things, and usually it does take some time to get used to.  There are so many people that if they try somthing, they want immediate resutls.  They will hate it until they are fully comfortable with it.  This is not a good thing.  Though there will likely be headaches in the beginning.  In the long run Linux will reduce them several times over.  Its just getting past that first week or two.  And Linux not nearly as hard to install as it has traditionally been.  Look, M$ is out to screw you over.  They want to squeeze every little penny out of you that they can.  Linux is the cure for the disease your talking about.  After a little while, you'll find that its not that hard to use actually.  

V