shift or die

yapb — yet another perl blog

[LOGO] alech's blog. Perl, Security, Curiosities, Links, Rants, Photos, yadayada

Navigation

Home | Articles

Tags

  • 2009challenge
  • 202c
  • angerwhale
  • chaosradio
  • darmstadt
  • deutsch
  • dns
  • dpw9
  • english
  • ffm
  • firefox
  • funny
  • gpw9
  • kite
  • md5
  • mifare
  • mrmcd
  • mrmcd111b
  • muenchen
  • music
  • nexenta
  • openbc
  • openxpki
  • osx
  • perl
  • ph-neutral
  • photos
  • rant
  • security
  • snowboarding
  • spaces
  • unicode
  • vbscript
  • vegetarisch
  • virtuedesktops
  • vorratsdatenspeicherung
  • xing

Login

Not logged in. Log in.

One more reason against TOFU

Tags: english rant security [+]

Posted on 2008-1-15 (火) at 10:50 pm

I have recently reported a security problem to secure@microsoft.com. Being reasonably paranoid, I sent an S/MIME-encrypted and -signed mail with the detailed description. A few hours later, I got the non-encrypted confirmation back that my mail had been received, a nice case number and the (given) name of the case manager. And my entire mail. TOFU (or how I just learned in the Wikipedia article »jeopardy-style«). Why did I bother to install their S/MIME certificate and the complete certificate chain again?

Last modified: 2008-1-15 (火) at 11:11 pm

Comments on One more reason against TOFU | no comments | Post a comment

[YAML] [XML]


Page generated by Angerwhale version 0.03 (390 ) on 2010-7-31 (土) at 7:01 pm.

Valid XHTML. Valid CSS. Valid SVG. (If you're seeing this, though, you need a better browser so you can actually see them!)