Re: Full Disclosure!

2009-01-02 Thread Eddy Nigg
On 01/03/2009 07:31 AM, Ben Bucksch: On 03.01.2009 04:59, Eddy Nigg wrote: The report is available from here: https://blog.startcom.org/?p=161 That's surely interesting, but the report does not contain any details of interest. It only says "The attack ... involved proxying, intercepting all c

Re: CABForum place in the world

2009-01-02 Thread Kyle Hamilton
On Fri, Jan 2, 2009 at 6:17 PM, Nelson B Bolyard wrote: > There are some (few) users who have become aware of the advice that they > must check that the certificate belongs to the intended party, but they > still have no concept of a MITM attack, so they look at the subject name > in the self-sign

Re: Full Disclosure!

2009-01-02 Thread Ben Bucksch
On 03.01.2009 04:59, Eddy Nigg wrote: The report is available from here: https://blog.startcom.org/?p=161 That's surely interesting, but the report does not contain any details of interest. It only says "The attack ... involved proxying, intercepting all communication from and to the browse

Re: Full Disclosure!

2009-01-02 Thread Eddy Nigg
On 01/03/2009 05:38 AM, Eddy Nigg: Before anybody else does, I prefer to post it myself :-) http://blog.phishme.com/2009/01/nobody-is-perfect/ http://schmoil.blogspot.com/2009/01/nobody-is-perfect.html For the interested, StartCom is currently checking if I can release our internal "critic

Full Disclosure!

2009-01-02 Thread Eddy Nigg
Before anybody else does, I prefer to post it myself :-) http://blog.phishme.com/2009/01/nobody-is-perfect/ http://schmoil.blogspot.com/2009/01/nobody-is-perfect.html For the interested, StartCom is currently checking if I can release our internal "critical event report" of this event to t

Re: CABForum place in the world

2009-01-02 Thread Nelson B Bolyard
Ian G wrote, On 2009-01-02 01:28 PST: > Lots of very small stores try to do the right thing and set > up self-signed certs with their cousin or friend doing the website. They get their cousin or friend to set up a web site for them, because they don't know anything about web sites except that th

Re: A business model

2009-01-02 Thread Florian Weimer
* Ben Bucksch: > Florian, I think you refer to cert issued to spammers holding a > domain, and getting a DV cert for that domain that they registered? > The cert is issued correctly for the domain, just the organization > does not do clean business. This is a totally different issue. Oops, sorry,

Re: CAs and external entities (resellers, outsourcing)

2009-01-02 Thread Eddy Nigg
On 01/02/2009 06:55 PM, ro...@comodo.com: That thread has a lot going on and I don't propose to try to address it all. However, I will address your reading of our CPS in an attempt to bring some degree of clarity. If I correctly understood your referenced post, you asserted that: 1) Como

Re: MD5 broken, certs whose signatures use MD5 now vulnerable

2009-01-02 Thread Paul Hoffman
At 11:05 AM -0800 1/2/09, geoff.tol...@gmail.com wrote: >On Dec 31 2008, 3:10 pm, Paul Hoffman wrote: > >> I read that blog posting to mean that they were going to keep issuing certs >> using MD5 signatures, but would use unpredictable sequence numbers like >> other VeriSign CAs do. Someone can

Re: MD5 broken, certs whose signatures use MD5 now vulnerable

2009-01-02 Thread geoff.tolley
On Dec 31 2008, 3:10 pm, Paul Hoffman wrote: > I read that blog posting to mean that they were going to keep issuing certs > using MD5 signatures, but would use unpredictable sequence numbers like other > VeriSign CAs do. Someone can validate that by buying a new cert from them. :-) I had two

Re: CAs and external entities (resellers, outsourcing)

2009-01-02 Thread robin
On Jan 1, 12:59 am, Eddy Nigg wrote: > Robin, could you provide some clarifications and your opinion concerning > the post I made titled "Facts about Comodo Resellers and RAs" in > particular in relation to the CP and CP statements here: > > http://groups.google.com/group/mozilla.dev.tech.crypto/ms

Re: [Fwd: Follow-Up on www.verisign.com SSL Order]

2009-01-02 Thread Johnathan Nightingale
On 28-Dec-08, at 11:43 AM, patri...@certstar.com wrote: I have a good friend who is working 24/7 and sometimes uses my PC when visiting. It is easy to forget to change username on Google groups, but of course it was my mistake. Sorry about the confusion. Hi Patricia, As you have no doubt real

RE: Can't unwrap key into NSS in FIPS mode

2009-01-02 Thread David Stutzman
My only guess as to the source of that number is that NSS is reporting the size in bytes (16) to Java. That key was put into the db as a 128 bit key. -Original Message- > SunPKCS11-NSSfips AES secret key, 16 bits (id 3126949473, token object, > sensitive, extractable) 16 bits? smime

RE: symmetric key issues with NSS 3.12

2009-01-02 Thread David Stutzman
Bug https://bugzilla.mozilla.org/show_bug.cgi?id=471665 has been filed and it appears Nelson has found the source of the problem if anyone is interested.

Re: PositiveSSL is not valid for browsers

2009-01-02 Thread Kyle Hamilton
A few amusing (lies, damned lies, and) statistics... Small business accounts for slightly more than 50% of the US gross domestic product (source: http://www.smallbusinessnotes.com/aboutsb/rs299.html). There were, in 2005 (latest year for which statistics are available), 6 million small employers

Re: CABForum place in the world

2009-01-02 Thread Kyle Hamilton
"Legitimate sites will never ask you for your credit card, national ID number, or any other sensitive information after asking you to add an exception." -Kyle H On Fri, Jan 2, 2009 at 12:16 AM, Daniel Veditz wrote: > Kyle Hamilton wrote: >> ("legitimate sites will never ask you to add an excepti

Re: CABForum place in the world

2009-01-02 Thread Ian G
On 2/1/09 09:16, Daniel Veditz wrote: Kyle Hamilton wrote: ("legitimate sites will never ask you to add an exception" my ass.) If we shorten the phrase to "Legitimate banks and stores will not ask you to do this" would you not agree that is true enough as far as the average non-expert user

Re: CABForum place in the world

2009-01-02 Thread Ian G
On 1/1/09 22:34, Gervase Markham wrote: Ian G wrote: 2. In general, such a group will reject any proposal that appears to favour one member against another; but they will accept any proposal that requires the same amount of additional work, and increases the power of the group. In other words

Re: CABForum place in the world

2009-01-02 Thread Daniel Veditz
Kyle Hamilton wrote: > ("legitimate sites will never ask you to add an exception" my ass.) If we shorten the phrase to "Legitimate banks and stores will not ask you to do this" would you not agree that is true enough as far as the average non-expert user need be concerned? The furor seems to be