lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Mar 2010 20:22:16 +0000 (UTC)
From: Francis Litterio <>
Subject: Firefox 3.6 for Windows includes a forged CA cert

In Firefox 3.6 for Windows, go to Tools -> Options -> Advanced -> Encryption ->
View Certificates -> Authorities and scroll down to the entry for "Equifax
Secure Inc." and you'll see a cert labeled "MD5 Collisions Inc
(" grouped with the other Equifax certs.

Yes, it's expired, so it poses no real threat, but why is the Mozilla Project
shipping Firefox with that cert?  It just causes FUD.

Powered by blists - more mailing lists