Thursday, October 20, 2011

Digicert is an awesome CA



I just renewed an SSL certificate through Digicert. Their site is fantastic and the prices are very good. No per-server charge baloney for wildcard certs, just one set price. I have never seen a CA offer these kinds of reissue options right on the website. I have had a couple 'oh shit' moments when I thought I lost a private key file. Re-Key Your Certificate gets rid of that worry! So long Verisign/Thawte, I'll never use you guys again.

Thursday, October 6, 2011

Zero day exploit dropped on American Express


Amex developers have left several debug utilities available on their web site for anyone on the internet to access. The exposed debug utilities are vulnerable to cross-site scripting attacks, which could be used to steal cookies. Those cookies can then be used to log into accounts as those users. The guy who found it has been trying to inform Amex since Oct 4th. It's been almost 24 hours since the vulnerability went public and Amex still hasn't done anything about it.


http://qnrq.se/full-disclosure-american-express/


http://seclists.org/fulldisclosure/2011/Oct/284

http://twitter.com/#!/qnrq