
Submission + - Mozilla warns of unknown root certificate authorit ( 1

suraj.sun writes: Mozilla warns of unknown root certificate authority in Firefox

In a startling revelation, the open-source Mozilla project says that its flagship Firefox browser contains a root certificate authority that doesn’t seem to have a known owner.

Here’s the disclosure by Kathleen Wilson, who serves as a peer for the “CA certificates module” within the Mozilla project:

“I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root. Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS.”

A separate bug report identifies the root certificate authority as “RSA Security 1024 V3.”

Interestingly, that root certificate authority is shown as valid in Apple’s System Roots but not in Microsoft’s.

Mozilla’s own Gervase Markham is worried about the implications:

The lack of transparency in 2002 re: the source of added roots means we have no idea whether e.g. some malicious actor slipped an extra one into whatever list they were keeping internally to Netscape, and has been MITMing people ever since.

ZDNet :


Ask a Studio Head How To Get Into the Movie Business 170

Larry Meistrich started making movies with next to no money. He's the founder and chairman of NEHST Studios, "a diversified film production, financing and distribution company" that opened its doors in May, 2007. As the above links show, Larry is a serious expert on the inner workings of the movie and TV production business, with a long string of production successes on his resume. Ask him whatever you like. Usual interview rules apply. And who knows? Maybe NEHST will finance your next movie.

Schneier Asks Why We Accept Fax Signatures 531

Bruce Schneier's latest commentary looks into one of my pet peeves: faxed signature requirements. He writes "Aren't fax signatures the weirdest thing? It's trivial to cut and paste -- with real scissors and glue -- anyone's signature onto a document so that it'll look real when faxed. There is so little security in fax signatures that it's mind-boggling that anyone accepts them. Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure..." It's amazing how organizations are sometimes willing to accept low-quality, unverified scans delivered over POTS as authoritative, when they won't take the same information in a high-resolution scan delivered over (relatively secure) email.
