Linux Today: Linux News On Internet Time.

More on LinuxToday

SSL trick certificate published

Oct 01, 2009, 17:02 (0 Talkback[s])

"For his trick, Appelbaum modified the certificate according to the method demonstrated by Moxie Marlinspike at the Black Hat conference, entering a zero character (\0) in the name field (CN, Common Name).

"Unlike Marlinspike, however, Appelbaum didn't enter the zero between the domain name and the name of Marlinspike's thoughtcrime.org domain. Instead, he entered *\00thoughtcrime.noisebridge.net, effectively creating a wild card certificate for arbitrary domain names:

CN= *\00thoughtcrime.noisebridge.net
OU = Moxie Marlinspike Fan Club
O = Noisebridge
L = San Francisco
ST = California
C = US"

Complete Story

Related Stories: