tssci security

Introducing SSLFail.com

Hey all, I'd like to introduce all of you to a new site that Tyler Reguly and I, along with Romain Gaucher and Jay Graver, set up last week: SSLFail.com. The site's purpose is to point out the failures in various sites' SSL implementations. We'll be publishing tutorials and informative articles on SSL in addition to posting screenshots of high-profile sites' failures.

We came up with the idea for the site when Romain came upon an SSL failure with Gmail. Tyler then blogged about it, and then I was getting errors with Facebook.

The interesting thing about Gmail: when you go to https://gmail.com, Firefox was the only browser we tested that followed the 301 redirect to another domain (www.google.com) with a proper SSL certificate. IE7 and Google Chrome, on the other hand, asked the user for confirmation before the redirect. Is this a Firefox SSL failure? I don't know, and several others I've spoken with aren't sure how a browser should handle it either.

Anyways, just wanted to point out this new site, which has already gotten some attention from lonervamp at terminal23 and hype-free.

Posted by Marcin on Thursday, January 22, 2009 in Security.
