BTW, anyone interested in the CA PKI model really ought to read Jacob Appelbaum's account of a recent incident in which a Comodo sub-CA was used to issue bogus certs for Google, Microsoft, Yahoo, Mozilla, and Skype hostnames:
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion Dianne can stop reading now because she knows what's next. Typical Android users are likely out of luck, forced to wait until the Android team merges the blacklist patch from Chromium *and* releases new dot versions of Android OS *and* the device manufacturers update firmwares (*and* in the US and similar countries, the cell phone companies bless the new firmwares). This is another example of Android's OS & update design flaws, that Google can't push even such a small, straightforward fix out to all Android end users. :-( -Peter -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
