
Cache poisoning vulnerability found in BIND


Posted Jul 29, 2007 23:49 UTC (Sun) by dlang (subscriber, #313)
In reply to: Cache poisoning vulnerability found in BIND by tialaramex
Parent article: Cache poisoning vulnerability found in BIND

as for avoiding the "high cost of 'real' SSL certs", they are only really expensive if you buy them from the wrong place. you can get 'real' ssl certs for <$100 individually, and if you are a company that needs a lot of them you can get them in quantity for <$50 (you also don't have to get certs that expire after one year either)

the fact that some people think it's necessary to pay $900 per year for a cert is a testament to stupidity and marketing.

and frankly if you consider $50 or $100 too expensive then I question if what you are protecting is worth bothering with SSL in the first place.

Self signed certs are not a problem if you use them properly and have the users tell their browsers to install it as a valid cert, but just using them without giving the users a way to do this and expecting them to click through the cert warning is bad for everyone and provides little security to your users.


SSL Certificate costs...

Posted Jul 30, 2007 15:28 UTC (Mon) by cdmiller (subscriber, #2813)

If you have 50 FQDNs that need SSL, you're looking at a $2500 - $5000 per year expense. Is that a lot to pay given the questionable trustworthiness of the major cert vendors, and the ease of generating a self signed certificate? For $5000 one can easily find hardware capable of hosting 50 domains, an additional $5k can make this redundant, so the current cost of a "browser approved" SSL cert is exorbitant in many situations.
