[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Security Lies



[email protected] writes:
> 
> We have just tested Netscape's security page and it seems they are either lying
> or have a major bug.
> 
> All you have to do to confirm this is to go to their page
> http://home.netscape.com/newsref/ref/netscape-security.html#test
> and click on the link under the heading Testing the Secure Server link
> "Here is a secure server you can visit.

I checked this out with baited breath, hoping to find a juicy
Netscape security hole as promised.  Unfortunately, all it is
is a mis-configured httpd server at rsa.com.  It should be
doing SSL but it's not.  A bummer, but probably not a lie and
certainly not a major bug.

> We decided to test further and found that the RSA secure server is only SSL 2 
> and SSL 3 which is what Netscape seems to be touting to the resting of the 
> world saying they have it NOW. Later, if not much later seems far more
> realistic. 

Try ssl3.netscape.com:443.  It's doing ssl3.

> I do not like being lied to, mislead or steam rolled by, how about
> you?

Not at all.  So quit doing it.


-- 
Eric Murray  [email protected]  [email protected]  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF