Ssl Trick Certificate Published


Recommended Posts

30 September 2009,

SSL trick certificate published

On the Noisebridge hacker mailing list, security specialist Jacob Appelbaum has published an SSL certificate and pertinent private key that together allow web servers to avoid triggering an alert in vulnerable browsers - irrespective of the domain for which the certificate is submitted. Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers – which would only be detectable by subjecting the certificate to closer scrutiny.

For his trick, Appelbaum modified the certificate according to the method demonstrated by Moxie Marlinspike at the Black Hat conference, entering a zero character (\0) in the name field (CN, Common Name).

Details at Heise Security - http://www.h-online.com/security/SSL-trick...d--/news/114361

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...