funsec mailing list archives
Trustwave and Mozilla
From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 12 Feb 2012 05:54:30 -0500
Hi All, https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 In case folks are interested in the following Mozilla's response to active MitM attacks that were facilitated by Trustwave, the bug report is here: http://bugzilla.mozilla.org/show_bug.cgi?id=724929. For what its worth, pinning the certificate can usually remediate these sorts of MitM attacks, but Mozilla subverted it: http://ssl.entrust.net/blog/?p=615. Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Trustwave and Mozilla Jeffrey Walton (Feb 12)
- Re: [Full-disclosure] Trustwave and Mozilla Valdis . Kletnieks (Feb 12)