An Interest In:
Web News this Week
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
- March 22, 2024
April 6, 2011 07:53 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_vcNcA8bMjg/Thousands-of-SSL-Certs-Issued-To-Unqualified-Names
Thousands of SSL Certs Issued To Unqualified Names
Trailrunner7 writes "The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web's certificate authority infrastructure works--or doesn't. One interesting result of this work is that the folks at the Electronic Frontier Foundation have discovered that there are more than 37,000 legitimate certificates issued by CAs for unqualified names such as "localhost" or "Exchange," a practice that could simplify some forms of man-in-the-middle attacks. "Although signing 'localhost' is humorous, CAs create real risk when they sign other unqualified names. What if an attacker were able to receive a CA-signed certificate for names like 'mail' or 'webmail'? Such an attacker would be able to perfectly forge the identity of your organization's webmail server in a 'man-in-the-middle' attack!""Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_vcNcA8bMjg/Thousands-of-SSL-Certs-Issued-To-Unqualified-Names
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot