“For his trick, Appelbaum modified the certificate according to
the method demonstrated by Moxie Marlinspike at the Black Hat
conference, entering a zero character ( ) in the name field (CN,
Common Name).“Unlike Marlinspike, however, Appelbaum didn’t enter the zero
between the domain name and the name of Marlinspike’s
thoughtcrime.org domain. Instead, he entered
* 0thoughtcrime.noisebridge.net, effectively creating a wild card
certificate for arbitrary domain names:CN= * 0thoughtcrime.noisebridge.net
OU = Moxie Marlinspike Fan Club
O = Noisebridge
L = San Francisco
ST = California
C = US”
SSL trick certificate published
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis