![]() ![]() ![]() handle this? Does this mean that “proper” SSL revocation basically doesn’t work? Why are we having to blacklist these certificates? Shouldn’t SSL revocation via OCSP/etc. I’ve written an analysis of this for the Tor blog: Likewise, why did you take so long to fix it vs Chrome? Google issued a fix for Chrome five days ago! Usually Firefox leads in speed of fix. Why wasn’t this issue reported on this blog prior to shipping a release? In the interest of full disclosure, I think that would have been preferable. I notice that normally, once an issue is made public and gets press, you publish a post on this security blog. Unfortunate this happens around the Firefox 4 release Browse free.Ģ7 comments on “Firefox Blocking Fraudulent Certificates” This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates. We encourage all users to keep their software up to date by regularly applying security updates. We are still evaluating the possibility of further response to this issue. It may also deceive users into downloading malware if they believe it’s coming from a trusted site.Ĭurrent versions of Firefox are protected from this attack. This could deceive them into revealing personal information such as usernames and passwords. Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. As part of our ongoing commitment to providing a secure Web experience for users, we have updated Firefox 4.0, 3.6, and 3.5 to recognize these certificates and block them automatically. The certificates have been revoked by their issuer which should protect most users. Mozilla has been informed about the issuance of several fraudulent SSL certificates for public websites.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |