SSL Again

December 31st, 2008

More from the antelope department:

“SSL doesn’t provide much in the way of security, so breaking it doesn’t harm security very much. Pretty much no one ever verifies SSL certificates, so there’s not much attack value in being able to forge them. And even more generally, the major risks to data on the Internet are at the endpoints — Trojans and rootkits on users’ computers, attacks against databases and servers, etc — and not in the network.”

Bruce Schneier

Ooh, an update:

“If you’re like me and every other user on the planet, you don’t give a shit when an SSL certificate doesn’t validate. Unfortunately, commons-httpclient was written by some pedantic fucknozzles who have never tried to fetch real-world webpages.”

Yeah, try visiting https://google.com/adsense. *snicker

Posted by rsayre Filed in Uncategorized
1 Comment »

One Response to “SSL Again”

  1. Jo Hermans Says:
    January 1st, 2009 at 2:32 pm

    or https://mozilla.org/ …. (ok, it’s really a bug)