full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] OpenID/Debian PRNG/DNS

Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Ben Laurie <benl_at_nospam>
Date: Tue Aug 12 2008 - 13:31:00 GMT
To: "Clausen, Martin (DK - Copenhagen)" <mclausen@deloitte.dk>


On Tue, Aug 12, 2008 at 9:55 AM, Clausen, Martin (DK - Copenhagen) <mclausen@deloitte.dk> wrote:
> You could use the SSL Blacklist plugin
> (http://codefromthe70s.org/sslblacklist.asp) for Firefox or heise SSL
> Guardian
> (http://www.heise-online.co.uk/security/Heise-SSL-Guardian--/features/11
> 1039/) for IE to do this. If presented with a Debian key the show a
> warning.
>
> The blacklists are implemented using either a traditional blacklist
> (text file) or distributed using DNS.

Browser plugins do not assist RPs.



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/