Bugtraq mailing list archives
Re: IE SSL Vulnerability
From: robert walker <robert.walker () gems3 gov bc ca>
Date: 15 Aug 2002 23:11:22 -0000
In-Reply-To: <Pine.BSO.4.33.0208031620550.8632-100000 () moxie thoughtcrime org> Given my background in cryptographic programming, it is difficult for me to imagine how the cause of this alleged vulnerability could be explained as programmer error or oversight. Yet I cannot fathom why MS would purposely skip such a basic step. I am waiting to hear Microsoft's side of the story. Because it goes to a core issue of whether or not they themselves are trustworthy. My car has airbags which protect me in a collision. Imagine if the manufacturer forgot to install them. What explanation is satisfactory in that circumstance? A huge amount of infrastructure is managed remotely via SSL and IE these days. It just boggles the mind the extent to which the security integrity of that infrastructure is now under a cloud unknowing.
Current thread:
- IE SSL Vulnerability Mike Benham (Aug 06)
- Re: IE SSL Vulnerability Alex Loots (Aug 07)
- Re: IE SSL Vulnerability Mike Benham (Aug 09)
- Re: IE SSL Vulnerability Paweł Krawczyk (Aug 10)
- Re: IE SSL Vulnerability Mike Benham (Aug 09)
- Re: IE SSL Vulnerability Balazs Scheidler (Aug 10)
- Re: IE SSL Vulnerability Balazs Scheidler (Aug 10)
- Re: IE SSL Vulnerability Torbjörn Hovmark (Aug 10)
- Re: IE SSL Vulnerability (Konqueror affected too) Thomas C. Greene (Aug 12)
- <Possible follow-ups>
- RE: IE SSL Vulnerability Pidgorny, Slav (Aug 09)
- Re: IE SSL Vulnerability Torbjörn (Aug 10)
- Re: IE SSL Vulnerability robert walker (Aug 16)
- Re: IE SSL Vulnerability Charles Miller (Aug 19)
- Re: IE SSL Vulnerability J. Lasser (Aug 20)
- Re: IE SSL Vulnerability Charles Miller (Aug 19)
- Re: IE SSL Vulnerability Alex Loots (Aug 07)