Tag Archives: ev

Symantec's SSL Certificate Scandal Keeps Unfolding...

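tl;dr: The external audit is not finished yet, so things may turn out even worse. If you need to buy an SSL certificate soon, stay away from Symantec's products, including Verisign, Thawte, GeoTrust, Equifax (under GeoTrust), and RapidSSL. The post "Follow-up on Symantec's Thawte Issuing an SSL Certificate for Google" mentioned the earlier problem where Google caught Symantec issuing certificates for Google; the subsequent audit found more problems... Google mentions several things in "Sustaining Digital Certificate Security". First, based on the first version of Symantec's audit report, 23 SSL certificates were found to have been signed without the domain owner being notified, including Google and …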

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW

Follow-up on Symantec's Thawte Issuing an SSL Certificate for Google

According to the reports public so far, the people who did this have been fired: "Symantec employees fired over fake security certificates". The report also reveals that three certificates were found to have been issued: Symantec's senior director of engineering Quentin Liu said it discovered three unauthorised certificates last week during product testing. He explained that 'a few' employees who, it said, had passed the company's …

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW

Thawte (Symantec) Issues an EV SSL Certificate for www.google.com

The Google Online Security Blog published a post on their recent findings and released a security update for Google Chrome: "Improved Digital Certificate Security". The cause was Thawte (Symantec) issuing an EV SSL certificate for www.google.com: On September 14, around 19:20 GMT, Symantec’s Thawte-branded CA issued an Extended Validation (EV) pre-certificate for the domains google.com and …

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW

CNNIC's Root Certificates (Including EV) Removed from All Google Products

An update in the post "Maintaining digital certificate security": Update - April 1: As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized …

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software

Wildcard EV Certificate...

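Netcraft's post "Wildcard EV certificates supported by major browsers" raises several key points... First, the EV guidelines prohibit wildcard certificates (from "Guidelines For The Issuance And Management Of Extended Validation Certificates"): Wildcard certificates are not allowed for EV Certificates. Yet someone still issued *.cclearning.accenture.com, and the major browsers display it normally in EV mode: (Google Chrome is used as the example here; the original post has all the screenshots) Only the mobile version of Safari treats it as an ordinary certificate: (two images below; the top one is the desktop version, the bottom one is the mobile version) It should get fixed after being called out... …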

Posted in Browser, Computer, Murmuring, Network, Safari, Security, Software, WWW

Now this is a big mess: a bunch of SSL certificates for names like "localhost" have actually been issued...

How on earth do these CAs manage the units under them... Slashdot reported that EFF's Chris Palmer found a large number of unqualified names had been signed: "Thousands of SSL Certs Issued To Unqualified Names", "Unqualified Names in the SSL Observatory". Judging from the sentence "You can also use the Observatory in an Amazon EC2 instance we created." in the original post, they probably just scanned the entire …

Posted in Computer, Murmuring, Network, Security, WWW

Perl's AnyEvent + EV

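Coro didn't feel smooth to use, so I went to #perl.tw on freenode to ask whether Coro was something usable. clkao suggested AnyEvent, and it actually felt handier than Coro, probably because I'm fairly used to event-based things... The same thing as in the post "Perl's Threading Implementation: Coro", rewritten with AnyEvent + EV: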

Posted in Computer, Murmuring, Network, Programming, Software, WWW