[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-date: Wed Mar 10 16:59:44 2004 -->
- <!--x-from-r13: zuvefpu ng ahoevqtrf.pbz ([vpunry R. Vvefpu) -->
- <!--x-message-id: [email protected] -->
- <!--x-subject: [ale] Plain text SSL certs and Konqueror -->
- <li><em>date</em>: Wed Mar 10 16:59:44 2004</li>
- <li><em>from</em>: mhirsch at nubridges.com (Michael D. Hirsch)</li>
- <li><em>subject</em>: [ale] Plain text SSL certs and Konqueror</li>
Scammers can also configure their web server so that deceptive SSL
certificates won't trigger an alert in the user's browser. "One of the
SSL encoding methods is 'plain text'," Neal Krawetz from Secure Science
Corporation noted in the SANS post on the issue. "Most SSL servers have
this disabled by default, but most browsers support it. When plain text
is used, no central certificate authority is consulted and the user
never sees a message asking if a certificate should be accepted
(because 'plain text' doesn't use certificates). Keeping that in mind,
the little lock icon may not even indicate an encrypted channel. The
little lock only indicates an SSL connection."
I went looking for these "plain text" SSL encodings in my browser of
choice konqueror. Konq offers a pretty good view of it's ssl setup,
listing every ssl encryption method, both SSLv2 and SSLv3. None of
them are listed as "plain text". Anyone know what they are?
There are a couple listed as "(0 of 0 bits)" which sounds kinda like a
non-encryption method. A few examples are FZA-FZA-CBC-SHA,
FZA-NULL-SHA, NULL-MD%, and NULL-SHA. Are these in fact plain text?
If so, the good news is that they come disabled by default.
Curiously yours,
Michael
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00303.html">[ale] Ride from ALE Central meeting</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00307.html">[ale] Power supply</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00314.html">[ale] Ride from ALE Central meeting</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00308.html">[ale] dragging response times</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00304"><strong>Date</strong></a></li>
<li><a href="threads.html#00304"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>