On Friday, August 26, 2016 at 12:57:56 PM UTC-7, 233sec Team wrote:
> Wosign's Issue mechanism is high risking for large enterprise.
> This is one prove:
>
> https://gist.github.com/xiaohuilam/8589f2dfaac435bae4bf8dfe0984f69e
>
> Alicdn.com is the cdn asset domain name of Taobao/tmall who belong to
> alibaba, which are Chinese biggest online shopping websites.
> With the fake cert's middle man attack, password stealing, information
> leaking...

Richard, please also include the incident report for alicdn.com. The whitehat (Did you confirm with him, Gerg?) mentioned "Wosign's Issue mechanism is high risking for large enterprise." It might not be an isolated incident, but rather a procedural weakness.