Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


SSL trick certificate published

Oct 01, 2009, 17:02 (0 Talkback[s])

"For his trick, Appelbaum modified the certificate according to the method demonstrated by Moxie Marlinspike at the Black Hat conference, entering a zero character (\0) in the name field (CN, Common Name).

"Unlike Marlinspike, however, Appelbaum didn't enter the zero between the domain name and the name of Marlinspike's thoughtcrime.org domain. Instead, he entered *\00thoughtcrime.noisebridge.net, effectively creating a wild card certificate for arbitrary domain names:

CN= *\00thoughtcrime.noisebridge.net
OU = Moxie Marlinspike Fan Club
O = Noisebridge
L = San Francisco
ST = California
C = US"

Complete Story

Related Stories: