Full Disclosure mailing list archives
Re: Trustwave and Mozilla
From: Nick Boyce <nick.boyce () gmail com>
Date: Mon, 13 Feb 2012 16:18:56 +0000
On Sun, Feb 12, 2012 at 10:54 AM, Jeffrey Walton <noloader () gmail com> wrote: https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972
In case folks are interested in the following Mozilla's response to active MitM attacks that were facilitated by Trustwave, the bug report is here: http://bugzilla.mozilla.org/show_bug.cgi?id=724929.
Can anyone confirm that Trustwave CA certificates in the local Mozilla certificate store are the ones with names containing the word "SecureTrust" ? I want to disable Trustwave CAs on all my local systems, but am not certain which are the relevant ones. For some benighted reason, the word "Trustwave" is not present in any of the certificate names in the FF certificate store on WinXP or Debian (Iceweasel). Ironically of course, the word "trust" appears everywhere :) I found a page at mozilla.org which appears to show all CAs included with FF, and that Trustwave certificates are labelled "SecureTrust" : http://www.mozilla.org/projects/security/certs/included/ but I would like confirmation from Someone Who Knows Better. Be advised: the above page appears to be some kind of .. [recoils in horror] .. XML which doesn't render properly on WinXP, but renders fine on Debian Linux. Maybe there's some XSL needed somewhere. Cheers Nick -- XML is like violence. If it doesn't solve the problem, use more.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Trustwave and Mozilla Jeffrey Walton (Feb 12)
- Re: Trustwave and Mozilla Valdis . Kletnieks (Feb 12)
- Re: Trustwave and Mozilla decoder (Feb 13)
- Re: Trustwave and Mozilla Nick Boyce (Feb 13)
- Re: Trustwave and Mozilla Nick Boyce (Feb 13)