Linux Today: Linux News On Internet Time.


SSL Flaw by (Browser) Design?

Jul 23, 2009, 15:02
(Other stories by Eddy Nigg)



[ Thanks to Eddy Nigg for this link. ]

"Some sites reported the alleged attack on EV SSL secured sites as a means to prove that Extended Validation (EV) digital certificates aren't any more secure than regular SSL certificates. That's obviously an interesting claim since EV certificates traditionally cost quite a lot more than those that don't turn the address bar of the browsers green.

"Our two "white hats" were careful to point out that it's actually not an attack on EV itself, but rather a flaw in design in the way browsers deploy SSL. Sotirov noted that "the main point of our research is not that it is possible to capture everything transmitted during an SSL session. It is that man-in-the-middle attacks against EV SSL certificates are possible if the attacker has a regular (non-EV) certificate for the same domain name."
