Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

  • Corporate e-Learning technology has a long and diverse pedigree. As far back as the 1980s, companies were adopting computer-based training to supplement...
    Download

  • Flash technology is becoming more prominent in the storage industry. Offering superior speed and reliability when compared to traditional hard disk drives...
    Download

More on LinuxToday


SSL Flaw by (Browser) Design?

Jul 23, 2009, 15:02 (0 Talkback[s])
(Other stories by Eddy Nigg)

[ Thanks to Eddy Nigg for this link. ]

"Some sites reported the alleged attack on EV SSL secured sites as a means to prove that Extended Validation (EV) digital certificates aren't any more secure than regular SSL certificates. That's obviously an interesting claim since EV certificates traditionally cost quite a lot more than those that don't turn the address bar of the browsers green.

"Our two "white hats" were carefully to point out that it's actually not an attack on EV itself, but rather a flaw in design in the way browsers deploy SSL. Sotirov noted that "the main point of our research is not that it is possible to capture everything transmitted during an SSL session. It is that man-in-the-middle attacks against EV SSL certificates are possible if the attacker has a regular (non-EV) certificate for the same domain name."

Complete Story

Related Stories: