New Attack on Secure Browsing

Anton Stiglic astiglic at okiok.com
Fri Jul 16 13:51:48 EDT 2004


>You stated that http://www.pgp.com is an SSL-protected page, but did you
>mean https://www.pgp.com? On my Powerbook, with all the browsers I get an
>error that the certificate is wrong and they end up at http://www.pgp.com.

What I get is a bad certificate, and this is due to the fact that the
certificate is issued to store.pgp.com and not www.pgp.com.
Interestingly (maybe?), when you go and browse on their on-line store, and
check something out to buy, the session is secured but with another
certificate, one issued to secure.pgpstore.com.

--Anton

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list