Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-31 Thread Nelson Bolyard
On 2009-07-31 12:38 PDT, Ian G wrote:
> On 31/07/2009 11:29, William L. Hartzell wrote:
>> Nelson B Bolyard wrote:
>>> Some lax CAs will evidently issue certs with just about anything in the DNS names. I'd pull the plug on them if I could find them, but the presenters at Black Hat were careful NOT to

[ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Wan-Teh Chang
The NSS 3.12.3.1 release is now available. The CVS tag is NSS_3_12_3_1_RTM. You can download the source tarball from https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_3_1_RTM/src/ NSS 3.12.3.1 requires NSPR 4.7.4 or later. NSS 3.12.3.1 fixes the following bugs in NSS

Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Howard Chu
Wan-Teh Chang wrote:
> The NSS 3.12.3.1 release is now available. The CVS tag is NSS_3_12_3_1_RTM. You can download the source tarball from https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_3_1_RTM/src/
As far as I can see, CERT_VerifyCertName() is still vulnerable to the

Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 19:04 PDT, Howard Chu wrote:
> As far as I can see, CERT_VerifyCertName() is still vulnerable to the embedded NUL hack that was recently published here http://www.wired.com/threatlevel/2009/07/kaminsky/ and on slashdot. Yet some comments in the discussion say that Firefox 3.5 is

Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Ian G
On 31/7/09 04:29, Nelson B Bolyard wrote:
> ... So, a name with a NULL in it will appear as something like www.mybank.com\00*.badguy.org
There must be something I am missing. Since when is a NULL a legal character in a domain?
iang

Re: [ANNOUNCE] NSS 3.12.3.1 Release

2009-07-30 Thread Nelson B Bolyard
On 2009-07-30 19:46 PDT, Ian G wrote:
> On 31/7/09 04:29, Nelson B Bolyard wrote:
>> ... So, a name with a NULL in it will appear as something like www.mybank.com\00*.badguy.org
> There must be something I am missing. Since when is a NULL a legal character in a domain?
Read the article that