[Previous] [Next] [Index]
[Thread]
Security/Privacy of Certificates in Netscape 3.0
Hi,
I just got a free certificate from Verisign for Netscape and now
wonder if anyone can use a method to query my certificate in
similar fashion to previous bugs where a user could query the
email address? The Verisign certificate contains your name,
address, and level 2 even contains your SOCIAL SECURITY NUMBER
and BIRTHDATE among other sensitive info.
Let's say the latter info is not in the certificate, just the
name and address to keep this discussion from getting
sidetracked. Is there a way for a web page to run a Java
script or query on the certificate, let's say, for the NAME of
certificate holder and maybe other info, similarly to how there
was a way to get the email address before they closed that
hole)? I'm concerned as I don't want to give snoopy marketers
more info about me than I already have by just surfing the web!
Also it really kills me how for a free ONE MONTH certificate
I must give out my social security number and driver's license
(and birthdate) among other things, THEN when I am done I am
asked for a credit card number and assured this is for
verification purposes only (not to be charged)! At this point
I stopped and closed the browser, deciding against a free
certificate that expires at the end of August 1996.
Gene
--
___
| ._ _ ._ _.._ _ ``I do not fear computers
_|_| |(_|| (_|| | | I fear lack of them.'' -Isaac Asimov
_____ _| _______________________________________________________
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
[Signature lettering created by ``Figlet Ascii Font Converter''
http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]
Follow-Ups: