Thursday, October 20, 2011
I just renewed an SSL certificate through Digicert. Their site is fantastic and the prices are very good. No per-server charge baloney for wildcard certs, just one set price. I have never seen a CA offer these kind of reissue options right on the website. I have had a couple 'oh shit' moments when I thought I lost a private key file. Re-Key Your Certificate gets rid of that worry! So long Verisign/Thawte, I'll never use you guys again.
Thursday, October 6, 2011
Amex developers have left several debug utilities available on their web site for anyone on the internet to access. The exposed debug is vulnerable to cross site scripting attacks which could be used to steal cookies. Those cookies can then be used to log into accounts as those users. The guy that found it has been trying to inform Amex since Oct 4th. It's been almost 24 hours since the vulnerability went public and Amex still hasn't done anything about it.