[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Trustwave and Mozilla

To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, FunSec List <funsec@xxxxxxxxxxxx>
Subject: [Full-disclosure] Trustwave and Mozilla
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Sun, 12 Feb 2012 05:54:30 -0500

Hi All,

https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972

In case folks are interested in the following Mozilla's response to
active MitM attacks that were facilitated by Trustwave, the bug report
is here: http://bugzilla.mozilla.org/show_bug.cgi?id=724929.

For what its worth, pinning the certificate can usually remediate
these sorts of MitM attacks, but Mozilla subverted it:
http://ssl.entrust.net/blog/?p=615.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Trustwave and Mozilla
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Trustwave and Mozilla
  - From: decoder
- Re: [Full-disclosure] Trustwave and Mozilla
  - From: Nick Boyce

Prev by Date: Re: [Full-disclosure] Iran is doing ip-and-port filtering of SSL
Next by Date: [Full-disclosure] Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability
Previous by thread: [Full-disclosure] Yahoo Messenger - Buffer Overflow Vulnerability [Video]
Next by thread: Re: [Full-disclosure] Trustwave and Mozilla
Index(es):
- Date
- Thread