Friday, September 06, 2002

Obvious quote of the day. Microsoft finally has a patch for one of its later security holes -- the failure of Internet Explorer to properly check the identity of a site during an SSL session. (That padlock on your window is not doing what you think it is doing.) A Microsoft spokesman says, "Our products just aren't engineered for security." Here is a good explanation of the problem. Verisign deserves even more blame. It has been selling the certificates for years, and apparently never even tested whether they offer the security that they promise.
