
List:       kde-devel
Subject:    Security issue in Konqueror
From:       Igor Gilitschenski <igi-g () gmx ! net>
Date:       2001-06-22 20:28:09

Hi,

A co-worker of mine drew my attention to a possible security problem
in Konqueror today.
While connecting to, e.g., a self-certified SSL site, you don't receive a
warning. You surely question what the problem with this is.
The point is the following: this makes an eventual man-in-the-middle
attack possible.

Let me give you an example:


Without an attack:
 
host <---[Server's Certificate]-- Server
                  |
                  |
         Signed by trust center


With an attack:

host <-[wrong CERT]- man in the middle -[right CERT]- Server

A warning should inform about the Trust Center which signed the
Server's key and it should tell its creators.

What do you think?

Igor
-- 
"Reality is not the truth"
- Realitaetsprinzip, 1983, Erich Fried
 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
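The check the message asks for, shown as an added example that is not part of the original post or of Konqueror's code: a client that trusts one "trust center" accepts the certificate that CA signed and flags a self-signed certificate carrying the same server name. All names (Demo Trust Center, www.example.test, the file names) are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: builds a throwaway PKI (all names constructed) and classifies certs.

make_demo_pki() {   # $1 = empty working directory
  d=$1
  # Minimal config so the demo does not depend on the system openssl.cnf.
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # "Trust center": the only CA the client trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
    -extensions v3_ca -subj "/CN=Demo Trust Center" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Genuine server certificate, signed by the trust center.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=www.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
  # Certificate with the same server name, signed only by its own key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
    -subj "/CN=www.example.test" -keyout "$d/mitm.key" -out "$d/mitm.pem" 2>/dev/null
}

# Prints "trusted" or "warn:<reason>" for certificate $2 against trust store $1.
check_cert() {
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) && { echo trusted; return 0; }
  case "$out" in
    *"error 18 at"*) echo "warn:self-signed" ;;   # depth-0 self-signed certificate
    *) echo "warn:untrusted" ;;                   # any other chain failure
  esac
}

demo() {
  dir=$(mktemp -d) && make_demo_pki "$dir"
  echo "signed by trust center: $(check_cert "$dir/ca.pem" "$dir/srv.pem")"
  echo "self-signed, same name: $(check_cert "$dir/ca.pem" "$dir/mitm.pem")"
  rm -rf "$dir"
}
demo
```

Both certificates carry the same subject name, so only the chain check against the trusted CA tells them apart; a client that skips it sees no difference between the two connections in the diagram.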
