l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2009 Jul 30 12:15

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Article link: "Wildcard certificate spoofs web authentication"
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Article link: "Wildcard certificate spoofs web authentication"

Wildcard certificate spoofs web authentication
SSL felled by null string
By Dan Goodin
The Register, Enterprise Security, 30th July 2009 03:13 GMT


  The attack [...] exploits a weakness in the process for generating secure
  sockets layer certificates. It works by adding a null string character
  to several certificate fields, a technique that tricks browsers and
  other SSL-enabled programs into misinterpreting the domain name that
  is being authenticated.


  At the moment, version 3.5 of Firefox is the only browser that is
  protected against the attack, although Sassaman said Internet Explorer
  provides some protection too.

FWIW, Firefox 3.5 is available in Ubuntu 9.04 as the "firefox-3.5" package.
(The plain "firefox" package currently gives you Firefox 3.0.12.)

Sent from my computer
vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.