[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACqxkWJ=3viQ5U0kunywOC0o-8uLtpO03qZ0FOnzgroQ8QQp8A@mail.gmail.com>
Date: Mon, 13 Feb 2012 16:18:56 +0000
From: Nick Boyce <nick.boyce@...il.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Cc: FunSec List <funsec@...uxbox.org>
Subject: Re: Trustwave and Mozilla
On Sun, Feb 12, 2012 at 10:54 AM, Jeffrey Walton <noloader@...il.com> wrote:
https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972
>
> In case folks are interested in the following Mozilla's response to
> active MitM attacks that were facilitated by Trustwave, the bug report
> is here: http://bugzilla.mozilla.org/show_bug.cgi?id=724929.
>
Can anyone confirm that Trustwave CA certificates in the local Mozilla
certificate store are the ones with names containing the word "SecureTrust"
?
I want to disable Trustwave CAs on all my local systems, but am not certain
which are the relevant ones. For some benighted reason, the word
"Trustwave" is not present in any of the certificate names in the FF
certificate store on WinXP or Debian (Iceweasel). Ironically of course,
the word "trust" appears everywhere :)
I found a page at mozilla.org which appears to show all CAs included with
FF, and that Trustwave certificates are labelled "SecureTrust" :
http://www.mozilla.org/projects/security/certs/included/
but I would like confirmation from Someone Who Knows Better.
Be advised: the above page appears to be some kind of .. [recoils in
horror] .. XML which doesn't render properly on WinXP, but renders fine on
Debian Linux. Maybe there's some XSL needed somewhere.
Cheers
Nick
--
XML is like violence. If it doesn't solve the problem, use more.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists