-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good question. Confirmed on Linux version as well (Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6). More
information about the rogue-CA can be found here:
http://www.phreedom.org/research/rogue-ca/.
# openssl x509 -in MD5CollisionsInc.pem -noout -text
Certificate:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi 3APA3A,
That's a good question, and here is my answer from the draft version of
an upcoming paper I'm working on:
"
Gaining SNMP write access to a device is already a compromise on its own
and usually considered a potential high risk security issue. Therefore,
Okay, here is a good question after read the updated version of HD Moore Blog
post [1]:
(btw, that is the same question we are talking in twitter)
- Based on the blog post "Results of Investigation into Holyday ISS Claim"
(MSRC) [2], there is no vulnerability related to this case, right? BUT... If a
user has a weak password, a guessable password, you can GUESS the user's
password and get the user's access... Getting all the privileges he/she has.
Okay, I know that there are a lot of best practices floating around, describing
many, many ways to enforce the users to create a strong password instead... But
