[conspire] Comodo-signed bogosity (was: DigiNotar Damage Disclosure)
Adrien Lamothe
alamozzz at yahoo.com
Fri Sep 9 11:14:03 PDT 2011
Right. So, the problem on my end was:
1. I update Firefox.
2. Upon restarting Firefox, CertWatch informs me it wants to update certificates.
3. CertWatch then proceeds to pop up a procession of windows, each with cert data, each with "OK" and "Cancel" buttons.
4. I see contradictory information in the cert data. But I trust that CertWatch knows what it is doing (which it did.) However, CertWatch doesn't tell me it is de-verifying those certs, merely that it is updating them. Being the first time so many certs are updated since I installed CertWatch, I was unaware of what exactly it was doing to them, until I went into Firefox's "View Certificates" area to see they "could not be verified for unknown reasons."
5. I mention the contradictory data on this list, because I find it interesting.
Perhaps CertWatch should add a notation during update notification, as to the nature of the update.
________________________________
From: Rick Moen <rick at linuxmafia.com>
To: conspire at linuxmafia.com
Sent: Friday, September 9, 2011 10:27 AM
Subject: Re: [conspire] Comodo-signed bogosity (was: DigiNotar Damage Disclosure)
Quoting Adrien Lamothe (alamozzz at yahoo.com):
> Right. So what I was seeing, apparently, was CertWatch telling me
> those certs had been marked as bad, only it wasn't apparent that was
> what it was saying.
Not sure what you saw, really.
Just to elaborate on my comment to Ehud that there are always ways to
tunnel traffic out past dumb corporate firewalling:
http://sebsauvage.net/punching/ <- Best and most thorough
http://www.nocrew.org/software/httptunnel.html
http://www.linuxhowtos.org/Security/sshproxy.htm
_______________________________________________
conspire mailing list
conspire at linuxmafia.com
http://linuxmafia.com/mailman/listinfo/conspire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20110909/d3618624/attachment.html>
More information about the conspire
mailing list