Hi,
I saw that a while ago but didn't report immediately about it, despite
it being very interesting.
So this site distribut a Firefox extension that can automatically report
if a server is using a weak key from the Debian Openssl vulnerability.
It now also detects the use of md5 :
http://www.codefromthe70s.org/sslblacklist.aspx
But by far the most interesting thing on the site is the list of ssl
sites that are *still* using compromised keys, established through that
extension :
http://www.codefromthe70s.org/sslblacklist-badcerts.aspx
Several of them have been issued by Thawte, there's at least one that
has been issued by Verisign ( https://secure.hostelworld.com )
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
