---

SSL trick certificate published

“For his trick, Appelbaum modified the certificate according to
the method demonstrated by Moxie Marlinspike at the Black Hat
conference, entering a zero character () in the name field (CN,
Common Name).

“Unlike Marlinspike, however, Appelbaum didn’t enter the zero
between the domain name and the name of Marlinspike’s
thoughtcrime.org domain. Instead, he entered
*0thoughtcrime.noisebridge.net, effectively creating a wild card
certificate for arbitrary domain names:

CN= *0thoughtcrime.noisebridge.net
OU = Moxie Marlinspike Fan Club
O = Noisebridge
L = San Francisco
ST = California
C = US”


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis