| 枫林在线论坛>>信息安全 [普通模式] [上一主题] [下一主题] |
| [185990] 主题: Google using Expired Cert and SSLv2 (转载) |
| 作者: tshxp. |
标题:  Google using Expired Cert and SSLv2 (转载)[转载] |
|
| 昵称: tshxp. |
来自: 202.194.*.* 
|
|
| 经验值: 0 | 发贴时间: 2004年04月07日 20:07:45 | |
| 等级: 新手上路 | 长度: 1404字 | |
|
发信人:tshxp@smth.org (I'll be back),信区:cn.bbs.comp.security 标 题:Google using Expired Cert and SSLv2 (转载) 发信站:BBS 水木清华站 转信站:LeafOK!netnews.sdu.edu.cn!maily.cic.tsinghua.edu.cn!SMTH 【 以下文字转载自 BugTraqML 讨论区 】 发信人: mhamrick@cryptonomicon.net ("Matthew S. Hamrick"), 信区: B ugTraqML 标 题: Google using Expired Cert and SSLv2 发信站: NCTU CSIE FreeBSD Server (Thu Apr 1 08:21:07 2004) 转信站: SMTH!maily.cic.tsinghua.edu.cn!sjc70.webusenet.com!news.usenetserver .co 出 处: freebsd.csie.nctu.edu.tw http://www.cryptonomicon.net/modules.php?name=News&file=article&sid= 729 Don't know how apropos it is to bugtraq, but I suppose it's relevant to the web application security community. It's fairly well known amongst people who us e SSL to secure portions of their web application that SSL version 2 is " bad." It's so bad that a bunch of really smart people went out and created SSL ver sion 3. So I was pretty surprised today when I noticed that https://www.google.co m/ is using an expired certificate and SSLv2. Guess the moral of the story is: "even the big guys can get it wrong.&q uot; /etc Matt H. -- One Ringtone to rule them all, one Carrier to find them, One Phone to bring them all and to the Service Contract bind them. ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ |
||
|
========== * * * * * ==========
|
 Top
|
||