Date: Wed, 31 Mar 2004 15:42:40 -0500
From: "Matthew S. Hamrick" <mhamrick@...ptonomicon.net>
To: webappsec@...urityfocus.com
Cc: bugtraq@...urityfocus.com
Subject: Google using Expired Cert and SSLv2


http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=729

Don't know how apropos it is to bugtraq, but I suppose it's relevant to the web
application security community. It's fairly well known amongst people who use
SSL to secure portions of their web application that SSL version 2 is "bad."
It's so bad that a bunch of really smart people went out and created SSL version
3. So I was pretty surprised today when I noticed that https://www.google.com/
is using an expired certificate and SSLv2.

Guess the moral of the story is: "even the big guys can get it wrong."

/etc
Matt H.

-- 
One Ringtone to rule them all, one Carrier to find them,
One Phone to bring them all and to the Service Contract bind them.
