I guess they are ganging up against us :)


McAfee is now using Verisign Certs… and causing an auto root update on their site visitors to promote Verisign root keys!

They are ganging up against us :BNC

I guess we are doing something right then (:KWL) :■■■■


Heh, I just think it’s funny they call IE7 a “high security” browser…

Looks like Comodo is starting to make folks uncomfortable… :wink:


WTF?!!! ??? :o

If I’m readin’ this beastie right:

  1. “IE-7” is the “answer to a maiden’s prayer”
    (N.B. Yea… Right! Like a hysterectomy is the answer to a maiden’s prayer!)

  2. “Verisign” has implemented something called “EV” - that has to do with cert’s.

  3. McAfee is (without letting the user know?) auto-installing a root certificate update to help “enable” this functionality?

Like I said - WTF?!!

OK, Let’s assume that IE-7 isn’t the bubonic plague… :o

And let’s assume that this EV stuff actually exists, and does something useful.

Question: Is this an “open standard”? Or is this some patented and proprietary thing that VS is doing?

Question: Assuming that Verisign just doesn’t naff around with cert specs w/o some input form this or that international consortium - is this something that Comodo can/will implement and/or is/has already implemented?

OK, if we assume that - somehow or other - IE-7 can auto-update root-certificates on a box, even with consent, THAT WORRIES ME

If some malware writer exploits that hole - pops up a dialog “do you want a free upgrade to Winamp/iTunes or whatever?” - and uses that response (sure! - I’m dumb enough to click on this!), to enable a root update… then the whole idea of “root certificates” being a security measure is pure and unadulterated HORSE HOOEY. (or worse)

IE-7 scared me before - and it’s a resource hog of the worst kind - but this REALLY makes me wonder - if malware writers can modify the root certificate store, then it’s REALLY “showtime” out there in Television Land… They can make ANYTHING IN THE WORLD look like a really great cert.

Oh Sweet Jesus! I may just go back to an abacus…


How a company involved in securities fraud scandal can be considered trustworthy is beyond me.

I followed that link - and what I found there was - shall we say - “interesting”… 88)

Here is the first few paragraphs of that article:

Is McAfee Case a Warmup for Ex-General Counsel Roberts?

Justin Scheck
The Recorder

The trial of a former Network Associates Inc. executive that began Thursday morning really does present some compelling issues. You just might not realize it in the courtroom.

As with many corporate fraud cases, the prosecution of Prabhat Goyal – the ex-CFO of Network Associates, now known as McAfee – hinges on arcane questions of accounting practices and cash flow.

But beneath its rather dry surface, the Goyal case presents a drama that few expected when Goyal was indicted in 2004: A central figure in the case, former McAfee controller Terry Davis, has become a key player in the government’s subsequent indictment of McAfee’s ex-general counsel, Kent Roberts, in connection with misdating stock options.

Roberts is the first Silicon Valley general counsel charged in the stock options backdating scandal. His case is being closely watched by prosecutors and defense lawyers hoping to get a sense of how dozens of other options investigations might play out.

Like I said - this could get REALLY interesting…


See, what you need to do is trust the products, not those who lead the company, unless the products are ■■■■.

We’ll have to agree to disagree then.
The ethics of a company, in my experience, is most affected by those at the top.
If a corporate officer is winking at, turning a blind eye to, or involved in dishonest behavior it’s not long before this mind set filters down through and is adopted by the ranks.
This is why those in positions of leadership are often held to a higher standard in “civilized” society… or at least they used to be. 88)

Yeah. I think it’s been a while…