CA StartSSL Compromised, But Says Certificates Not Affected

A certification authority called StartSSL was attacked and compromised recently and forced to suspend the issuance of SSL certificates indefinitely. However, unlike earlier attacks on CAs such as Comodo, the attackers were not able to gain access to the material necessary to issue themselves vali...

MySQL Connector/NET缺少SSL证书验证漏洞

BUGTRAQ ID: 35514 MySQL Connector/Net是MySQL数据库的ADO.NET驱动。 MySQL Connector/Net在使用加密的时候没有对服务器的证书执行验证。在NativeDriver.cs文件中，StartSSL函数依赖于名为 NoServerCheckValidation的验证函数，而该函数没有执行任何验证。此外还有另一个名为ServerCheckValidation 的函数，而该函数被标注掉。 能够对连接执行中间人攻击的攻击者可以通过利用这个漏洞绕过加密验证，从而破坏SSL所提供的安全性。 MySQL AB MySQL Connector/N...