FYI: Possibility for SSL spoofing in recent Firefox 3
On Tue, May 20, 2008 at 10:49:56 +0400,
Peter Lemenkov <firstname.lastname@example.org> wrote:
> Hello All!
> For those who doesn't read blog at StartCom here is an interesting post:
> Looks like the designers of Firefox 3 did some questionable changes in
> design of Firefox 3.
If you are looking at colored address bars or padlock icons to decide if
you are at the site you intend to be, you are doing things incorrectly.
Firefox 3 is actually better at letting you check you are at a site you
intend to be, since it lets you both remove all of the root CA's and
allows you to individually save certificates, so that you will actually
notice when you see a new one and can carefully check it if you desire.
This is still clunky, but its actually more useful than just relying on
the site you are visiting paying protection money.
fedora-devel-list mailing list