Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
April 6, 2011 07:53 pm

Thousands of SSL Certs Issued To Unqualified Names

Trailrunner7 writes "The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web's certificate authority infrastructure works--or doesn't. One interesting result of this work is that the folks at the Electronic Frontier Foundation have discovered that there are more than 37,000 legitimate certificates issued by CAs for unqualified names such as "localhost" or "Exchange," a practice that could simplify some forms of man-in-the-middle attacks. "Although signing 'localhost' is humorous, CAs create real risk when they sign other unqualified names. What if an attacker were able to receive a CA-signed certificate for names like 'mail' or 'webmail'? Such an attacker would be able to perfectly forge the identity of your organization's webmail server in a 'man-in-the-middle' attack!""

Read more of this story at Slashdot.



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_vcNcA8bMjg/Thousands-of-SSL-Certs-Issued-To-Unqualified-Names

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot