On 5/22/11, t...@lists.grepular.com wrote:
> On 22/05/2011 20:03, Lee wrote:
>
>>> I use a Firefox addon called Certificate Patrol. It keeps a record of
>>> certificates that https websites serve. It then alerts you if they
>>> change. It displays information about the old certificate next to the
On 22/05/2011 20:03, Lee wrote:
>> I use a Firefox addon called Certificate Patrol. It keeps a record of
>> certificates that https websites serve. It then alerts you if they
>> change. It displays information about the old certificate next to the
>> new certificate so you can tell if the issuer h
On 5/22/11, t...@lists.grepular.com wrote:
> On 22/05/2011 09:00, grarpamp wrote:
>
>>> And a follow-up question if I may - how do you verify that the ssl
>>> connection is to the site you want & not something else? eg:
>>> http://www.wired.com/threatlevel/2010/03/packet-forensics/
>>> What's th
On 5/22/11, grarpamp wrote:
>> And a follow-up question if I may - how do you verify that the ssl
>> connection is to the site you want & not something else? eg:
>> http://www.wired.com/threatlevel/2010/03/packet-forensics/
>> What's the defense against that type of attack?
>
> Well if CA's are
On Thu, 2011-05-19 at 16:39 +0100, t...@lists.grepular.com wrote:
> Hi,
>
> I don't know if this is something we should be concerned about, but I
> thought I'd bring it to your attention anyway.
>
> Firefox 4 implements Content-Security-Policy:
> https://wiki.mozilla.org/Security/CSP/Specificatio
On 22/05/2011 09:00, grarpamp wrote:
>> And a follow-up question if I may - how do you verify that the ssl
>> connection is to the site you want & not something else? eg:
>> http://www.wired.com/threatlevel/2010/03/packet-forensics/
>> What's the defense against that type of attack?
>
> Well if
> And a follow-up question if I may - how do you verify that the ssl
> connection is to the site you want & not something else? eg:
> http://www.wired.com/threatlevel/2010/03/packet-forensics/
> What's the defense against that type of attack?
Well if CA's are giving intermediate CA's to adversar
