Certificate Authorities Careless About SSL Security?
27th June, 2003
Certificate Authorities regard it as a badge of the trade to offer their main websites over SSL. However, John Airey points out that several CAs have not checked that the SSL versions of their sites can be used without generating errors. Verisign and Baltimore's sites both give warnings, and in some browsers so do Geotrust and Globalsign. This occurs because the sites include links to offsite images, but these images are only served over HTTP, causing browser warnings about insecure content when included on an SSL site. The point may seem small and obvious, but inconveniencing users by triggering warnings makes it more likely that they will turn off the warnings, which reduces their security.
Posted by Colin Phipps in Dogfood
Related News
American Express adopts Linux
27 Oct 2003
Dogfood
www.americanexpress.com migrated from AIX to Linux last week, mirroring a similar move by another financial giant, Schwab.com earlier in the year. IBM has a significant presence with both organisations, and it has probably had a role in encouraging both...
View full post
Linux encroaching further into sun.com
26 Oct 2003
Dogfood
Ever since shortly after Sun's acquisition of Cobalt three years ago, some sun.com sites have run Linux. However, more recently, Linux is being used for Sun sites that appear unconnected with the Cobalt product range. Sun sites running on Linux include...
View full post
3rd Sunday in the month is Reboot Sunday at Nortel
26 Oct 2003
Dogfood
One of the more eyecatching uptime graphs is at Nortel Networks, where over the last two years www.nortelnetworks.com has been rebooted at 13:04 GMT [14:04 in the winter] on Sundays falling between the 15th and 21st of the month producing the following...
View full post