On Fri, Mar 23, 2001 at 08:26:38AM -0500, Taylor, Chris <[EMAIL PROTECTED]> wrote:
> Just for those of you who have not seen the bulletin, there is yet another
> reason to look towards Linux.
My understanding is that this has nothing to do with Microsoft
Windows. This will likely only affect you if you go to a website, and
your web browser ask you if you want to accept a certificate. Since it
says "signed by Microsoft Corporation", you might be more inclined to
say "yes". However, here the certificate actually belongs to a
third-party, and could conceivably be signing malicious code.
This is not related to MS Windows. The error here was made by
VeriSign, not Microsoft, who was tricked into believing that the
individual who registered the certificate was an authorized Microsoft
employees. The only thing that one could possibly blame Microsoft for
is that Internet Explorer doesn't automatically check to see if a
certificate has been revoked by VeriSign. However, I'm not sure if any
other browsers do, either. It may also be true that these certificates
are limited to ActiveX controls, but they just as well could have been
issued for other purposes.
--
Bob Bell <[EMAIL PROTECTED]>
-------------------------------------------------------------------------
"Parentheses in Perl are like shoes in the Caribbean."
-- Larry Wall, creator of the Perl programming language
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
