Posts by syserr0r 4 publicly visible posts • joined 3 Aug 2011
At least with Microsoft the product support/lifetime is half-decent unlike Apple where you have to upgrade to the newest iToy to continue getting software updates which, when they release a phone every year-or-so, could get fairly inconvenient.
Probably a good job in that respect that the Apple fanboys are devoted enough to always buy the latest/greatest.
Mine is the one with anti-Apple propaganda in the jacket pocket...
Yes, that will be really useful when you're getting a BSOD any time before you can get into the event viewer, say on boot or at the log-on screen. Oh you've never had that before? ... well maybe some of these "power users" actually have some experience working with windows machines that don't perform flawlessly (like in the real world).
I'm not opposed to the new BSOD but saying these "power users" have no right to be concerned about the changes is not entirely true.
There normally are systems in place to prevent exactly what you described (when we last renewed our certificates we had to, among other things, prove that the domain we wanted the certificates for belonged to us) but this is on the front end for customers.
Technically there is nothing to stop any CA issuing certificates for any old domain, it is only their policy and procedure (and the programming of the ordering system) that stops it happening. Once you have hacked into the back-end of a CA with access to sign certificates 'manually' (i.e. not as a customer) you can do what you want.
Also, DNSSEC 'solves' this problem by putting the SSL certificate in the DNS (if you control the DNS you control the domain. Even if you can make new valid certificates you can't put them into the DNS without control of the domain [or compromising the DNS provider ;])
Paris just because...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
