[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Security issue in Konqueror
From: Igor Gilitschenski <igi-g () gmx ! net>
Date: 2001-06-22 20:28:09
[Download RAW message or body]
Hi,
A co-worker of mine pointed my attention at a possible Security problem
in Konqueror today.
While connecting to a i.e. Self-certified SSL site, you don't recieve a
warning. You surely question, what the problem about this is.
The point is the following: This makes an eventual man in the Middle
attack possbile.
Let me give you an example:
Without an attack:
host <---[Server's Certificate]-- Server
|
|
Signed by trust center
With an attack:
host <-[wrong CERT]- man in the middle -[right CERT]- Server
A warning should inform about the Trust Center which signed the
Servers Key and it should tell it's creators.
What do you think?
Igor
--
"Die Wirklichkeit ist nicht die Wahrheit"
- Realitaetspinzip, 1983, Erich Fried
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic