USE IE...SSL is INSECURE....OOPS

[pkd_lives]

I am thinking that when you use a web browser, and it  claims to conform to a certain security protocol, it should not in fact remain liable to the very type of attack the security protocol is supposed to prevent.

http://digitalmass.boston.com/news/2002/08/13/security_flaw.html

Happy reading.

[Refalm]

quote:http://digitalmass.boston.com/news/2002/08/13/security_flaw.html:

Security flaw found in Microsoft Web browser

By Elinor Mills Abreu, Reuters, 08/13/02  

SAN FRANCISCO

[voidmain]

Too bad the same problem exists in Konqueror.  But KDE had a fix the same day the sploit was revealed.  Mozilla does not appear to have the problem.

[HibbeeBoy]

Is this a ploy by M$ to give credibility to Palladium ? Evry f*****g day it's something.

[voidmain]

And a link:
KDE smokes MS in SSL bug fix

[dbl221]

Oh man! I seem to recall in Interrnet Security class
THAT THIS WAS ONE OF FIRST RULES OF ANY SECURE CONNECTION.
Authentication and Autorization are beaten into your head every
day in Computer-Systems Hell...er I mean school.

I wish I could get a job where I could get paid to be
as stupid as the FuckTards at Micro$hit.

[eXor]

What about Opera 6.01 on Windows?

Is it affected by this?

[voidmain]

Yep, Oprah is also vulnerable:
http://www.opera.com/pressreleases/en/2002/08/20020813.html

[beltorak0]

i was wondering whewn this would appear in the forums;
incedentally, mozilla (addmittedly pre-1.0) appeared too buggy to support the bug.  lol.
<--- snip  http://theregister.co.uk/content/4/26620.html   snip ---->


Konqueror turned out quite vulnerable, as I mentioned above. Mozilla was not vulnerable, but I'm not sure if that's because it handled the situation properly, or is, ironically, somehow too buggy to be exploited.

<--- snip --->
With Mozilla the URL, https://www.amazon.com simply went nowhere. No cert warning, no 404, nothing. The browser simply remained on the page from which I started. The behavior was the same when I typed the URL into the address bar.

I honestly don't know if that qualifies as success or a felicitous failure; but either way Mozilla users can continue to use SSL in the mean time, while Microsoft and VeriSign are bickering and blaming each other for the problem.

<--- snip snip ---->

that was yesterday.

-t.

[sporkme]

quote:incedentally, mozilla (addmittedly pre-1.0) appeared too buggy to support the bug. lol.

well put

SHOCK AND DISBELIEF! ie is insecure?  why, what if they have my credit card number?!?!?!  oh wait.. that isnt a problem for me...

ya this REALLY makes palladium look like the way to go, because SURELY history does not repeat itself in microsoft's FINE line of products... errrrrrrr....

[pkd_lives]

Update: Konquerer released a fix, Opera 6.05 includes the fix, moxilla, no issue, netscape - unknown, IE still debating the validity of the bug.

http://www.theregister.co.uk/content/4/26714.html

Hmm. Opera may be closed source, but they certainly try to keep up to date, and appear to have no problem accepting bugs and fixing them, and I believe it is now the most standards compliant browser on the web (according to their website statement).

M$ take note, it is possible to have a good reputation and be closed source - It's called customer response.

[voidmain]

Or for the Linux/UNIX version of Oprah, v6.03 has the bug fixes:

http://www.opera.com/pressreleases/en/2002/08/20020816.html

[pkd_lives]

You see that there is the problem. We are conditioned by long term use. I hate M$ (I think I may have said that before) but I keep with the bloody assumption of Windows.

I try to kick it, I'm a preacher to my family and friends for conversion (I have very very few who still use Hotmail), Calum brought me up on it a while back, and still I do it.

I think it is because M$ is so easy to use, you don't need to think when you use it, and that is a fearsomely contagious disease, and it spreads fast once you're infected.

[voidmain]

Well, you don't have to think when you use it as long as it's not broken, and you don't have to do anything useful.  I used DOS/Windows before I got in to UNIX (well Windows 3.0 was the latest Windows release at that time).  After learning UNIX I feel extremely hampered when using windows.  It's a severely boxed in feeling with hardened limiting borders. I to this day have not found the borders in UNIX.

[Doctor V]

quote:Originally posted by pkd:
You see that there is the problem. We are conditioned by long term use. I hate M$ (I think I may have said that before) but I keep with the bloody assumption of Windows.

I try to kick it, I'm a preacher to my family and friends for conversion (I have very very few who still use Hotmail), Calum brought me up on it a while back, and still I do it.

I think it is because M$ is so easy to use, you don't need to think when you use it, and that is a fearsomely contagious disease, and it spreads fast once you're infected.

You just have to try Linux.  And you have to really try.  Because when I first did, it took me about a week before I was really in the swing of things, and usually it does take some time to get used to.  There are so many people that if they try somthing, they want immediate resutls.  They will hate it until they are fully comfortable with it.  This is not a good thing.  Though there will likely be headaches in the beginning.  In the long run Linux will reduce them several times over.  Its just getting past that first week or two.  And Linux not nearly as hard to install as it has traditionally been.  Look, M$ is out to screw you over.  They want to squeeze every little penny out of you that they can.  Linux is the cure for the disease your talking about.  After a little while, you'll find that its not that hard to use actually.  

V