[Webfunds-devel] HEADS UP: security breakage expected

• Previous message: [Webfunds-devel] javadoc of webfunds code
• Next message: [Webfunds-devel] HEADS UP: security breakage expected
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'm in the process of adapting WebFunds to work on JDK 1.2 and
1.3 in addition to JDK 1.1.

My next commit will break WebFunds such that it will accept 
as valid X.509 certificates that are in fact not valid. This
will allow for a MitM attack on the SOX protocol and maybe
some other bits. It will probably not affect anything but
the security of SOX bearer payments and your privacy.

Symptoms are that WebFunds will appear to work normally, 
except for a diagnostic being printed to stdout. 

Beware if you update your tree.

I'll unbreak WebFunds within a week or so, resulting in a WF
that works on JDK 1.1, 1.2 and 1.3.
-- 
Jeroen C. van Gelderen          o      _     _         _
jeroen@vangelderen.org  _o     /\_   _ \\o  (_)\__/o  (_)
                      _< \_   _>(_) (_)/<_    \_| \   _|/' \/
                     (_)>(_) (_)        (_)   (_)    (_)'  _\o_

• Previous message: [Webfunds-devel] javadoc of webfunds code
• Next message: [Webfunds-devel] HEADS UP: security breakage expected
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]