My thoughts as an enterprise Java developer.

Thursday, November 05, 2009

TLS (SSL) compromised!

extendedsubset.com: "There are three general attacks against HTTPS discussed here, each with slightly different characteristics, all of which yield the same result: the attacker is able to execute an HTTP transaction of his choice, authenticated by a legitimate user (the victim of the MITM attack). Some attacks result in the attacker-supplied request generating a response document which is then presented to the client without any certificate warning or other indication to the user. Other techniques allow the attacker to forward or re-purpose client certificate authentication credentials."

Monday, November 02, 2009

Open source as an antitrust strategy | The Open Road - CNET News

Open source as an antitrust strategy | The Open Road - CNET News: "IBM, Intel, Red Hat, and others aren't investing in Linux because they're all chums at the country club together, but rather because they're looking for ways to reduce Microsoft's hold on their own businesses through its control of personal computer and server operating systems.
As an added benefit, it's a great way for companies to collaborate without running afoul of antitrust laws. It's collusion without the collusion."