From a Slashdot article dated Monday August 12th. at http://slashdot.org/article.pl?sid=02/08/12/1341239&mode=thread&tid=172
"The Register reports that IE and Konqueror both have a bug that allows anyone with a legit Verisign SSL certificate to issue a 'legit' certificate for a 3rd party site. IE and Konqueror don't both to check the issuer of this intermediate cert making SSL in both browsers something of a joke". Update by Hetz: if you're using KDE from CVS, the fix is inside or you can wait to next week for KDE 3.0.3 (which will have more fixes for KDE 3.0). Thanks to Waldo Bastian for the blazing fast fix (95 minutes since it was reported). Just thought folks might appreciate a heads-up on this. The impact is that a Bad Site can create a server certificate that appears to have been duly certified as valid by a trusted CA, when in fact the certificate is bogus. The bug is that affected browsers don't check the CA's trusted status properly. Full marks to the Konqueror team for such a fast response. KDE 3.0.3 huh ? Any hero producing debs ? Chris ? Cheers Nick Boyce Bristol, UK -- Boycott Amazon till they relent on the 1-click software patent - http://www.gnu.org/philosophy/amazon.html
