What the vulnerability does is prevents the browser from reporting that
a site certificate's "validity" chain is not complete (and thus the site
is not trusted).
What this means is that a user of an affected device who might, say,
purchase something online from a secure site, or log into a site to
upload/download something (e.g. photos) where HTTPS is used for the
authentication process, is subject to "man-in-the-middle" attacks, and
they will not know that their CC details or login credentials are being
harvested.
davidt
On Mon, Feb 24, 2014 at 02:52:59PM +0100, Nathan Wajsman wrote:
> Well, since I don't use encryption, I should be safe ;-)
>
> Cheers,
> Nathan
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
|