[Bug 741528]

2011-04-09 Thread Timeless-bemail
the litmus test should be reworked to use the addons cert for which we have the private key. in order to do this, the testcase will need to pin <'now'> to be a fixed date (e.g. 2011-03-28), on the client system, and the host will need to be happy to serve an expired certificate (possibly by pinning

[Bug 741528]

2011-04-07 Thread Rrelyea
ah... we have the private key for the revoked addons certificate! bob -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/741528 Title: Compromised Comodo SSL certificates put users at risk -- ubuntu-b

[Bug 741528]

2011-04-07 Thread Djcater+bugzilla
Resetting the Litmus flag to indicate that the test still exists in Litmus (and I think it should until it is replaced, or until it is no longer a valid test as per comment 93). Given that this is a security issue, surely a Litmus test is better in the interim? Let me know if I'm wrong.

[Bug 741528]

2011-04-07 Thread Djcater+bugzilla
(In reply to comment #97)
> Yeah, we should be able to test this through automation.
This should bear bug 617414 in mind. I don't know how SSL tests are currently performed and whether you'd need a couple more certificates from Comodo (one to blacklist and one to not) as this code is only run if t

[Bug 741528]

2011-04-07 Thread Khuey
Yeah, we should be able to test this through automation.

[Bug 741528]

2011-04-07 Thread Abillings
Kyle, it doesn't. If someone wanted to craft an automated test, that would be great in my opinion.

[Bug 741528]

2011-04-07 Thread Khuey
Why does this need to be a litmus test?

[Bug 741528]

2011-04-07 Thread Abillings
(In reply to comment #93)
> If you want to test revocation mechanisms in general, that's another story, and
> I agree, that could be automated, but it would also require to have someone
> permanently operate a server with a revoked cert.
QA has a public facing server we can use for SSL work n

[Bug 741528]

2011-04-07 Thread Kai Engert
Testing is tricky. Do you want to test the blacklist mechanism? The test cert on kuix.de:9449 will expire soon. I'm not sure what will happen then. You might get EITHER error expired OR error revoked. Only if the error REVOKED then you can continue to use this blacklist test. If EXPIRED has highe

[Bug 741528]

2011-04-07 Thread ashughes
(In reply to comment #91)
> > Litmus testcase has been added -- please review:
> > https://litmus.mozilla.org/show_test.cgi?id=15365
>
> This test presupposes that https://kuix.de:9449/ will be up forever. Since the
> bogus test cert is keyed to that site, we cannot move the testcase to our QA
> s

[Bug 741528]

2011-04-07 Thread Djcater+bugzilla
Presumably comment 8 can be morphed into a test, either automated or Litmus, or both. Setting flags.

[Bug 741528]

2011-04-07 Thread Abillings
(In reply to comment #90)
> (In reply to comment #89)
> > Presumably comment 8 can be morphed into a test, either automated or
> > Litmus, or both. Setting flags.
>
> Litmus testcase has been added -- please review:
> https://litmus.mozilla.org/show_test.cgi?id=15365
This test presupposes th

[Bug 741528]

2011-04-07 Thread ashughes
(In reply to comment #89)
> Presumably comment 8 can be morphed into a test, either automated or Litmus,
> or both. Setting flags.
Litmus testcase has been added -- please review: https://litmus.mozilla.org/show_test.cgi?id=15365

[Bug 741528]

2011-04-06 Thread Djcater+bugzilla
(In reply to comment #69)
> Created attachment 520887 [details]
> fix a leak
This was landed as part of bug 644012.

[Bug 741528]

2011-03-29 Thread Gervase Markham
And the private key has been verified as matching the public key attached to this bug: http://erratasec.blogspot.com/2011/03/verifying-comodo-hackers-key.html So this guy either did it, or is part of the group that did it. Gerv

[Bug 741528]

2011-03-28 Thread adi
(In reply to comment #85)
> Does that help? http://pastebin.com/X8znzPWH
Since pastebins suck, here's the content: For some real dumbs, I bet they don't have IQ above 75, WHO STILL thinks I'm not the hacker, here is mozilla addon's certificate, check it's serial with one published on all the inte

[Bug 741528]

2011-03-28 Thread Eddy-nigg
Does that help? http://pastebin.com/X8znzPWH

[Bug 741528]

2011-03-28 Thread Rrelyea
> Hacker claim
One wonders why he didn't just post some data signed with one of the private keys he generated. He seems particularly anxious to prove he was the one who pulled this off. bob

[Bug 741528] Re: Compromised Comodo SSL certificates put users at risk

2011-03-28 Thread Mirsal Ennaime
** Summary changed: - Compromised Comodo SSL certificates puts users at risk + Compromised Comodo SSL certificates put users at risk

[Bug 741528] Re: Compromised Comodo SSL certificates puts users at risk

2011-03-25 Thread Jonathan Riddell
I'm tracking the Qt issue in bug 742377

[Bug 741528] Re: Compromised Comodo SSL certificates puts users at risk

2011-03-24 Thread Micah Gersten
This update went out to all supported Stable releases about 8 hours ago.
** Changed in: firefox (Ubuntu Maverick) Importance: Undecided => Medium
** Changed in: firefox (Ubuntu Maverick) Status: New => Fix Released
** Changed in: firefox (Ubuntu Maverick) Assignee: (unassigned) =>

[Bug 741528] Re: Compromised Comodo SSL certificates puts users at risk

2011-03-24 Thread Micah Gersten
Natty already had this fix in Firefox 4.
** Also affects: firefox (Ubuntu Hardy) Importance: Undecided Status: New
** Also affects: Ubuntu Karmic Importance: Undecided Status: New
** Also affects: Ubuntu Lucid Importance: Undecided Status: New
** Also affects: Ubun

[Bug 741528] Re: Compromised Comodo SSL certificates puts users at risk

2011-03-24 Thread Jamie Strandboge
Thank you for using Ubuntu and reporting a bug. These packages have already been prepared, are now built and will be published soon. You can see them here: https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages
** Visibility changed to: Public
** Changed in: firefox (Ubuntu)