[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 2 May 2013 10:20:58 +0100 Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote: Hello Martijn, >I'm willing to give Google the benefit of the doubt here, especially >if the do it consistently. I assume they have a good reason for doing >so. It's all very sensible from the point of view, I'm sure. Of course, there are plenty of people that find it odd, annoying or contrary to safe practise. >You make it sound like they change certificates twice a day. 'Normal This change over cycle has occurred twice within the last year. It lasts a few days until the new certificate is rolled out over all their servers. >users', for whom this kind of thing could indeed be a problem, should >never have to accept a certificate anyway. Maybe not, but that means blindly accepting *all* certs as valid. That's unwise, at best. >They are, but I'm still not sure whether this means that they can get >in any Yahoo account, or that they can easily crack a lot of seemingly >random accounts. The latter is pretty useful if you're a spammer but I've only seen evidence of random accounts used for spamming rather than attacks targeted at specific accounts. -- Regards _ / ) "The blindingly obvious is / _)rad never immediately apparent" An old custom to sell your daughter Hong Kong Garden - Siouxsie & The Banshees
Attachment:
signature.asc
Description: PGP signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq