IE, Chrome and Safari vulnerable to fake PayPal certificate
Wurst
Posted: Wed Oct 21, 2009 6:45 am


Metalheadbrewer wrote:
Cool, thanks Digi. I only use Firefox anyway but it is good to know.


Yes, because it's another pro argument for Firefox!
AntarcticaZombie
Posted: Tue Jul 20, 2010 9:11 pm


I don't buy things on the internets, I think I'm safe
_________________
Basher
Posted: Wed Jul 21, 2010 1:36 am


i don't use paypal... anyways
_________________
i am so ebil that i piss darkness
DOSphantom
Posted: Tue Nov 23, 2010 3:31 am


Wait... what? How does the parser choke-out on a C-string null terminator? It has the true string size, so... yeah.
Crypto is a decrepit API from the mid-nineties and probably should be avoided in these security sensitive applications (and CNG is probably the same thing except with new features).

Anyway, to note: PayPal is a dirty, thieving company.
_________________

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum.
diginferno
Posted: Tue Nov 23, 2010 6:28 am


DOSphantom wrote:

Crypto is a decrepit API from the mid-nineties and probably should be avoided in these security sensitive applications


Off-topic: our sysadmin told me that he saw logs in which Windows 7 identified itself as Windows NT 4. Dare to contemplate the implications? My Windows 2000 says it's Windows NT 5...
_________________
diginferno
.:: Death.FM Administrator ::.

.:: ::.
Basher
Posted: Thu Nov 25, 2010 3:32 am


well all 7's i have used returns to version question nt 6.1 ... ie 8 and 9 in pages that require 32 bit strings might give any nt version under nt 7....

windows nt versions
win nt 4 and below are sold as nt's
nt 5.0 = win 2000
nt 5.1 = win xp; win 2003 srv;win xp extended (X64); XP flp
nt 6.0 = win vista;win 2008 srv
nt 6.1 = win 7
_________________
i am so ebil that i piss darkness
tr1sth3t
Posted: Wed Feb 23, 2011 9:39 am
Post subject: Re: IE, Chrome and Safari vulnerable to fake PayPal certificate


diginferno wrote:
Users of non-Microsoft operating systems do not seem to be affected.



LOL That's funny...

Quickest way to get rid of Windows: http://www.wubi-installer.org/
_________________
It is more likely that a brain randomly forms out of the chaos with false memories of its life than that the universe around us would have billions of self-aware brains.
Basher
Posted: Fri Feb 25, 2011 5:35 pm


hmm easiest way to prevent this kind of thing, is just pull the plug out of the computer and pay with cash LOL , i heard that some pay sites might also be problematic with mac os and some linux platforms
_________________
i am so ebil that i piss darkness
diginferno
Posted: Fri Feb 25, 2011 6:15 pm


Basher wrote:
hmm easiest way to prevent this kind of thing, is just pull the plug out of the computer and pay with cash LOL , i heard that some pay sites might also be problematic with mac os and some linux platforms


The issue that prompted this topic was strictly related to the Win32 cryptography libraries that are involved in dealing with SSL certificates. That's why browsers that did NOT rely on the Windows API were not vulnerable - Firefox uses its own crypto library. If I'm not mistaken, the bug in question was allowing forged certificates to pass validation because it did not check the domain that served the certificate against the domain for which the certificate was issued.

Yes, there may still be problems with some websites and there may be problems with other platforms, but I'm afraid that they are not related to this specific bug. Also, the topic is old, I didn't follow the evolution of this problem because I use Firefox, but I assume that it was fixed by some Windows update.

Last but not least: what good is an SSL certificate if the user clicks on "Allow" or "Yes" without even reading the warning message? I guess that you've heard of the Java exploits last year, all of those exploits required the user to grant permission to the application to run. If we find an answer to the question "why do the users trust applications that pop in their faces out of the blue?", then we can solve a lot of the malware problems around.
_________________
diginferno
.:: Death.FM Administrator ::.

.:: ::.
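
The point DOSphantom raises above (the parser has the true string size, yet a C-string NUL ends the comparison early) together with the domain check diginferno describes, as an added example that is not from any post in this thread and is not Windows library code. `struct cert_name`, both function names and the sample domains are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* A certificate name as a parser holds it after decoding: the length is
   authoritative and the bytes may legally contain 0x00. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed: a C-string routine stops at the first NUL and never looks at
   len, so only the prefix before the NUL is compared. Returns 1 on match. */
int name_matches_cstring(const struct cert_name *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Length-aware: a name with an embedded NUL is rejected outright, then the
   whole counted name is compared with the host the client connected to.
   Case folding and wildcard handling are left out here. */
int name_matches_counted(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, 0, cn->len) != NULL)
        return 0;
    if (cn->len != host_len)
        return 0;
    return memcmp(cn->data, host, host_len) == 0;
}

/* Constructed samples (reserved example domains, NUL-terminated literals). */
static const unsigned char forged_bytes[] = "pay.example.test\0.other.example";
static const unsigned char honest_bytes[] = "pay.example.test";
static const struct cert_name forged = { forged_bytes, sizeof forged_bytes - 1 };
static const struct cert_name honest = { honest_bytes, sizeof honest_bytes - 1 };

int main(void)
{
    const char *host = "pay.example.test";
    printf("cstring: forged=%d honest=%d\n",
           name_matches_cstring(&forged, host), name_matches_cstring(&honest, host));
    printf("counted: forged=%d honest=%d\n",
           name_matches_counted(&forged, host), name_matches_counted(&honest, host));
    return 0;
}
```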
HeadlessBeast
Posted: Sat Apr 23, 2011 5:02 pm


This could save my ass for the future. Thanks.
_________________
\,,/ Black Metal \,,/
Basher
Posted: Sun Apr 24, 2011 1:30 am


diginferno wrote:
Basher wrote:
hmm easiest way to prevent this kind of thing, is just pull the plug out of the computer and pay with cash LOL , i heard that some pay sites might also be problematic with mac os and some linux platforms


The issue that prompted this topic was strictly related to the Win32 cryptography libraries that are involved in dealing with SSL certificates. That's why browsers that did NOT rely on the Windows API were not vulnerable - Firefox uses its own crypto library. If I'm not mistaken, the bug in question was allowing forged certificates to pass validation because it did not check the domain that served the certificate against the domain for which the certificate was issued.

Yes, there may still be problems with some websites and there may be problems with other platforms, but I'm afraid that they are not related to this specific bug. Also, the topic is old, I didn't follow the evolution of this problem because I use Firefox, but I assume that it was fixed by some Windows update.

Last but not least: what good is an SSL certificate if the user clicks on "Allow" or "Yes" without even reading the warning message? I guess that you've heard of the Java exploits last year, all of those exploits required the user to grant permission to the application to run. If we find an answer to the question "why do the users trust applications that pop in their faces out of the blue?", then we can solve a lot of the malware problems around.


i read from one technical-nerdy magazine that around 99,7% of computer infections are installations made by users, by "blindly clicking yes and i agree" on every popup and dialog. In that test they added a popup dialog to northern countries magazine sites, and the popup said that "by clicking yes i will install arczdx.exe trojan virus to your pc, and by agreeing our terms you will accept the terms found....", it was written in the native language of the browser. Generally from 10 000 users around 9 400 actually clicked yes... Sad
diginferno
Posted: Sun Apr 24, 2011 1:03 pm


Many people don't know what "trojan" means in an IT context. They are non-technical users who don't care what the name of an .exe file is because it doesn't make any sense to them.

Also, reading license agreements, bah, are you out of your fucking mind? That's not the user's fault, though. Those license & user agreements are written in legalese and I must admit that I also fail to parse them correctly because they don't make sense to ME.

LOL
_________________
diginferno
.:: Death.FM Administrator ::.

.:: ::.
All times are GMT - 5 Hours