| 枫林在线>>信息安全 [快速回复] [上一主题] [下一主题] | Encrypt/(数据加密) |
| [185990] 主题: Google using Expired Cert and SSLv2 (转载) | |
| 作者: tshxp. |
标题:
Google using Expired Cert and SSLv2 (转载)
[转载] |
|
| 昵称: tshxp. | 来自: 202.194.*.* | |
| 经验值: 0 | 发贴时间: 2004年04月07日 20:07:45 (UTC +08:00) | |
| 等级: 新手上路 | 长度: 1392字 | |
|
发信人:tshxp@smth.org (I'll be back),信区:cn.bbs.comp.security 标 题:Google using Expired Cert and SSLv2 (转载) 发信站:BBS 水木清华站 转信站:LeafOK!netnews.sdu.edu.cn!maily.cic.tsinghua.edu.cn!SMTH 【 以下文字转载自 BugTraqML 讨论区 】 发信人: mhamrick@cryptonomicon.net ("Matthew S. Hamrick"), 信区: BugTraqML 标 题: Google using Expired Cert and SSLv2 发信站: NCTU CSIE FreeBSD Server (Thu Apr 1 08:21:07 2004) 转信站: SMTH!maily.cic.tsinghua.edu.cn!sjc70.webusenet.com!news.usenetserver. co 出 处: freebsd.csie.nctu.edu.tw http://www.cryptonomicon.net/modules.php?name=News&file=article&sid= 729 Don't know how apropos it is to bugtraq, but I suppose it's relevant to the web application security community. It's fairly well known amongst people who use SSL to secure portions of their web application that SSL version 2 is "bad." It's so bad that a bunch of really smart people went out and created SSL version 3. So I was pretty surprised today when I noticed that https://www.google.com/ is using an expired certificate and SSLv2. Guess the moral of the story is: "even the big guys can get it wrong." /etc Matt H. -- One Ringtone to rule them all, one Carrier to find them, One Phone to bring them all and to the Service Contract bind them. ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ |
|
|
========== * * * * * ==========
|
 Top
|
||