FYI: Possibility for SSL spoofing in recent Firefox 3

Bruno Wolff III bruno at wolff.to
Tue May 20 07:40:42 UTC 2008


On Tue, May 20, 2008 at 10:49:56 +0400,
  Peter Lemenkov <lemenkov at gmail.com> wrote:
> Hello All!
> For those who don't read the blog at StartCom, here is an interesting post:
> 
> https://blog.startcom.org/?p=86
> 
> Looks like the designers of Firefox 3 made some questionable changes in
> the design of Firefox 3.

If you are looking at colored address bars or padlock icons to decide if
you are at the site you intend to be, you are doing things incorrectly.

Firefox 3 is actually better at letting you check you are at a site you
intend to be, since it lets you both remove all of the root CAs and
allows you to individually save certificates, so that you will actually
notice when you see a new one and can carefully check it if you desire.
This is still clunky, but it's actually more useful than just relying on
the site you are visiting paying protection money.
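
Added example, not part of the original message: a small trust-on-first-use store that mirrors the "save each certificate and notice a new one" check described in the reply above. `PinStore`, `check`, `accept_new` and the sample certificate bytes are hypothetical names and constructed data, not Firefox's own mechanism.

```python
import hashlib
import json
import os
import tempfile

class PinStore:
    """Remembers one SHA-256 certificate fingerprint per host (hypothetical helper)."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host, der_cert, accept_new=False):
        """Return 'first-seen', 'match' or 'changed' for the presented certificate."""
        # In live use der_cert would come from SSLSocket.getpeercert(binary_form=True).
        host = host.lower().rstrip(".")  # same pin for Example.org. and example.org
        seen = hashlib.sha256(der_cert).hexdigest()
        known = self.pins.get(host)
        if known == seen:
            return "match"
        status = "first-seen" if known is None else "changed"
        if status == "changed" and not accept_new:
            return status  # keep the old pin until the new certificate is verified
        self.pins[host] = seen
        self._save()
        return status

    def _save(self):
        # Write to a temp file and rename, so a crash cannot truncate the pin file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

def demo():
    # Constructed placeholder bytes standing in for two different DER certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        store = PinStore(os.path.join(d, "pins.json"))
        results = [store.check("example.org", cert_a),   # nothing saved yet
                   store.check("Example.org.", cert_a),  # same certificate again
                   store.check("example.org", cert_b)]   # a new certificate appears
        # A fresh process reloading the file still holds the original pin.
        results.append(PinStore(store.path).check("example.org", cert_a))
    return results

if __name__ == "__main__":
    print(demo())
```

A "changed" result only says the certificate differs from the saved one; the new certificate still has to be verified out of band before calling `check` with `accept_new=True`.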



