[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Security Lies

To: [email protected]
Subject: Re: Netscape Security Lies
From: Eric Murray <[email protected]>
Date: Tue, 30 Jul 1996 08:30:27 -0700 (PDT)
Cc: [email protected]
In-Reply-To: <[email protected]> from "[email protected]" at Jul 30, 96 11:27:56 am
Sender: [email protected]

[email protected] writes:
> 
> We have just tested Netscape's security page and it seems they are either lying
> or have a major bug.
> 
> All you have to do to confirm this is to go to their page
> http://home.netscape.com/newsref/ref/netscape-security.html#test
> and click on the link under the heading Testing the Secure Server link
> "Here is a secure server you can visit.

I checked this out with baited breath, hoping to find a juicy
Netscape security hole as promised.  Unfortunately, all it is
is a mis-configured httpd server at rsa.com.  It should be
doing SSL but it's not.  A bummer, but probably not a lie and
certainly not a major bug.

> We decided to test further and found that the RSA secure server is only SSL 2 
> and SSL 3 which is what Netscape seems to be touting to the resting of the 
> world saying they have it NOW. Later, if not much later seems far more
> realistic. 

Try ssl3.netscape.com:443.  It's doing ssl3.

> I do not like being lied to, mislead or steam rolled by, how about
> you?

Not at all.  So quit doing it.


-- 
Eric Murray  [email protected]  [email protected]  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

References:
- Netscape Security Lies
  - From: [email protected]

Prev by Date: Re: Denning vs. Gilmore
Next by Date: Re: Taxes in the digicash world
Prev by thread: Netscape Security Lies
Next by thread: Re: Netscape Security Lies
Index(es):
- Date
- Thread