Re: Same ol' massive MITM exposure in Netscape 2.01b
Simon Spero wrote:
> 1) The client does not do any verification that the certificate used for
> the transaction is one associated with the server, allowing MITM
> substitutions as long as the server has a properly signed certificate
>
> 2) The client does not issue warnings for redirections from one https
> page to another https page, even if the url to which it is redirected has
> a different hostname to the url originally dereferenced.
I'm working on these right now. A future beta will have fixes for
this.
> 3) In the case of redirection, the document info screen does not provide
> information about the originally referenced page, just the final page.
> This allows the MITM to intercept the first request, steal the request
> data, then issue a redirect to hide the certificate used in the intercept.
If the previous two are fixed, it doesn't seem that this is really
important.
> 4) In the beta version, the document info page does not display the
> security info (I did check with MITM disabled).
Did you have the disk cache turned off?
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
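
The checks discussed in points 1 to 3, as an added example that is not part of the original message and is not Netscape's code: match each certificate against the hostname in the URL being fetched, and record every hostname change across a redirect chain against the URL originally requested. The function names, the wildcard rule (one leftmost label only, a later convention) and the sample chain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def name_matches(pattern, host):
    """True if a certificate name (optionally '*.example.com') covers host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one leftmost label, never a whole TLD.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_matches_host(cert_names, host):
    """Point 1: the certificate must be one issued for the host in the URL."""
    return any(name_matches(name, host) for name in cert_names)

def audit_chain(hops):
    """hops: list of (https_url, names_in_presented_certificate).
    The first hop is the URL the user originally dereferenced.
    Returns findings for every hop, not only the final page (point 3)."""
    findings = []
    prev = urlsplit(hops[0][0]).hostname
    for url, cert_names in hops:
        host = urlsplit(url).hostname
        if not cert_matches_host(cert_names, host):
            findings.append(("cert-mismatch", host))
        if host != prev:
            # Point 2: an https -> https redirect that changes hostname.
            findings.append(("host-changed", prev, host))
        prev = host
    return findings

# Constructed sample: the first hop presents a validly signed certificate
# that belongs to a different host, then redirects to that host.
SAMPLE_CHAIN = [
    ("https://shop.example.com/order", ["other.example.net"]),
    ("https://other.example.net/done", ["other.example.net"]),
]

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
```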