Yay for not using safari
Chrome: best browsing experience
Firefox: best debugging experience (firebug)
Opera: best multiplatform mobile browser
Safari: ?
Internet Explorer: ?
Yay for not using safari
It is good to reboot your computer every once in a while."To install the updates, you must restart your computer."
"To install the updates, you must restart your computer."
"To install the updates, you must restart your computer."
Not totally sure about this but I believe DigiNotar has already released CRLs for the compromised certificates so if you have system-wide OCSP and CRL enabled in Keychain Access, the issue is already mitigated.
These features are enabled by default in Lion.
Apparently, DigiNotar does not make it easy to view each individual certificate that has been revoked via the CRLs it releases.
They might have been added to another CRL, hard to say as DigiNotar does not allow directory listing and doesn't have an easy to find list of CRLs they publish either.
That the revocations happened on July 19th, 21st and 27th, and that almost 200 still have an unknown revocation status. [The rogue certificates were issued on July 10th, 18th and 20th].
But, compromised certificates that have been seen in the wild have been revoked.
So, it appears that some action is being taken via CRLs.
http://isc.sans.edu/diary.html?storyid=11500&rss
It should be noted that if all these certificates have been revoked via CRLs than Safari has actually provided better protection than other browsers that have only recently received updates to mitigate this issue.
Do the compromised certificates only exist on Snow Leopard and Lion?
What about Leopard?
Enable OCSP and CRL in the "Keychain Access" preferences.
See the "Mac Security Suggestions" link in my sig for more details (see #14).
Isn't Safari tabbed browsing? As for the UI, thats not the most important part of a web browser. The way it displays the page is what you should care about.Wirelessly posted (Mozilla/5.0 (iPod; U; CPU iPhone OS 3_1_3 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7E18 Safari/528.16)
No way I'm switching to FireFox or Chrome I don't like tabbed browsing, and Safari seems to have a better UI than the other ones I do have FireFox installed for some of the plugind
I even use Safari in parallels
You know, you can configure Firefox to take away tabbed browsing if you want.Wirelessly posted (Mozilla/5.0 (iPod; U; CPU iPhone OS 3_1_3 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7E18 Safari/528.16)
No way I'm switching to FireFox or Chrome I don't like tabbed browsing,...
...and Safari seems to have a better UI than the other ones I do have FireFox installed for some of the plugind
I even use Safari in parallels
Chrome: best browsing experience
Firefox: best debugging experience (firebug)
I even use Safari in parallels
Apparently, from what I've read, when people used the Kaychain manager to manually remove DigiNotar as a CA, they were able to demonstrate websites known to be using DigiNotar certificates, still being silently accepted in Safari. This was due to a quirk in the way in which OS X handled so-called "EV Certificates".
Are you certain that enabling OCSP and CRL would not also leave you at the mercy of OS X's quirky handling of "EV Certificates"?
Do the compromised certificates only exist on Snow Leopard and Lion?
What about Leopard?
Why Apple taking so much time addressing those issue.... You guys a lagging big time! Still love you soooo much . But switch gear regarding security update!!!!
Basically older Safari versions have become about as secure as older versions of IE. And Safari has become about as unstable and buggy as IE.Do the compromised certificates only exist on Snow Leopard and Lion?
What about Leopard?
But I shouldn't have to--that's one of the things I like about OS X and dislike (or disliked--it's getting better) about Windows. Plus, I can keep my Mac up for weeks, sometimes months, at a time without any problems--and iOS devices for even longer.It is good to reboot your computer every once in a while.
MacNut said:Isn't Safari tabbed browsing? As for the UI, thats not the most important part of a web browser. The way it displays the page is what you should care about.finkmacunix said:No way I'm switching to FireFox or Chrome I don't like tabbed browsing, and Safari seems to have a better UI than the other ones I do have FireFox installed for some of the plugind
I even use Safari in parallels
On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to 4 further high profile Certificate Authorities, and named GlobalSign as one of the 4.
When none of us were looking, IE went and grew up.
Too bad it's still the little kid on the block by a few inches when it comes to standards support though. There is no excuse for the biggest software company in the world to not have implemented the W3C and the WhatWG standards at this point, especially in light of open source groups having done so.