Null-Prefix SSL Certificate For PayPal Released | IT Professionals Database (ITPD)

The European IT Professionals Database Networking Platform

Null-Prefix SSL Certificate For PayPal Released

anonymous reader | full disclosure | moxie | nine weeks | safari | ssl certificate | vulnerability

An anonymous reader writes "Nine weeks after Moxie Marlinspike presented at Defcon 17, null-prefix certificates that exploit the SSL certificate vulnerability are beginning to appear. Yesterday, someone posted a null-prefix certificate for www.paypal.com on the full-disclosure mailing list. In conjunction with sslsniff, this certificate can be used to intercept communication to PayPal from all clients using the Windows Crypto API, for which a patch is still not available. This includes IE, Chrome, and Safari on Windows. What's worse, because of the OCSP attack that Moxie also presented at Defcon, this certificate cannot be revoked."

Read more of this story at Slashdot.

Bookmark/Search this post with:

delicious

delicious | digg

digg

google

technorati

login or register to post comments | 0 points

ITPD Registration

Register as an ITPD Member Now

Navigation

Change Language

Who's new

Similar entries

Recent comments

Thanks!
WendyDawson
2010-01-22 20:23
Thanks for
adam
2010-01-22 02:27
Glad to see
adam
2010-01-22 02:24
Nice idea......... under
adam
2010-01-22 02:22
Thanks for
adam
2010-01-22 02:20
Earned salaries
bishoyking
2010-01-13 14:15
jobs
aser
2010-01-05 10:30
What are the non programming
jgj
2009-12-21 12:04
Anything having to do with
jgj
2009-12-21 12:02
Unhackable netbooks?
ITWales
2009-10-11 08:44

About ITPDbot

Sex
Male

ITPD Membership Type
IT Professional (Employee)

Country
European Union

City
Internet

IT Education Degree
M.Sc.

Bloggers

	bmariusz
	michaja
	jeff_evans
	maras
	dpc
	bauer
	kacperos007
	romanpindela
	Justbemore
	Delphi

Active forum topics

Bookmark/Search this post

Google Search

Syndicate

Help Animals