Hello, Glad that it interested you..! Anyway, I wonder if ICS TSslHttpCli uses EV SSL certs and whether it is vulnerable.
Regards, SZ On Wed, Jul 22, 2009 at 10:09 PM, Francois PIETTE <francois.pie...@skynet.be > wrote: > >> http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218501653&cid=nl_tw_security >> > > What I understand from the article is that it is not SSL which is cracked, > but a design flaw in webbroser which is exploited. > Quote: > Mike Zusman, principal consultant at Intrepidus Group, and Alex Sotirov, > an independent > security researcher, have identified a Web browser design flaw that allows > an attacker to > conduct a "Man-in-the-Middle" attack against Web sites with Extended > Validation (EV) > Secure Sockets Layer (SSL) certificates. > > This is very different than cracking SSL ! > Probably webbrowser editors will soon fix their implementation. > > -- > francois.pie...@overbyte.be > The author of the freeware multi-tier middleware MidWare > The author of the freeware Internet Component Suite (ICS) > http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
