Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Alternatives Don’t Need To Be Bashed

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

So...

Story: Hacker pokes third hole in secure sockets layer

Total Replies: 4

Author	Content
DrDubious Feb 19, 2009 3:11 PM EDT	Basically the frantic, irritating, multi-click "consumer-scaring" dance that Firefox 3 does every time it sees a self-signed certificate is kind of pointless, since "bad guys" don't need to use them...
tuxchick Feb 19, 2009 3:19 PM EDT	Oh good, I'm not the only one who is annoyed by that. It is pointless-- how can anyone be qualified to judge if it's genuine or not? Typical Microsoft-style "security"-- bug the user with a bunch of annoying click this and check that, and it's all meaningless.
techiem2 Feb 19, 2009 3:32 PM EDT	Yeah. I mean, how many sites out there use a: self signed certs or b: the cert from their web hosting provider that doesn't have their site listed in it? I see the point of warning you, but most users wouldn't know what it's warning about, let alone know how to verify if it really is valid for that site.
hkwint Feb 19, 2009 9:56 PM EDT	The SSL model is flawed anyway, and it doesn't have anything to do with technical limitations or problems. The biggest problem is that any criminal can buy an SSL certificate at Thawte & co. I once saw a malicious site with a perfect Thawte SSL certificate. Companies such as Thawte don't look at who they are selling certificates to. It's the same as a government selling ID's to everyone who pays for them and then complaining those ID's are unsafe because the RFID-chip is cracked; utterly irrelevant information. The problem here with Thawte is the same as the problem with USPTO / EPO: They are not paid for quality but for quantity. As long as trolls and criminals increase that quantity, they will be sold patents and SSL-certificates. Only if a company such as Thawte would have to pay a fine for every SSL-certificate it sold to malicious groups, something would really change. Untill then, an SSL certificate is totally meaningless, and worse, providing a false feeling of security. But that's just my 200.
tuxtom Feb 20, 2009 4:46 AM EDT	Thing is one man's malicious group is another man's pillar of capitalism...or elected government.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software