Sections

 

 
Newsletter
Email:

 
RESOURCE SITES






Home | Technology | GlobalSign SSL & EV SSL Certificates not susceptible to latest SSL vulnerabilities

GlobalSign SSL & EV SSL Certificates not susceptible to latest SSL vulnerabilities

Font size: Decrease font Enlarge font
GW_Staff 05 August, 2009 06:00:00

Portsmouth, NH (Gawkwire.com) GlobalSign today reassured customers using GlobalSign SSL and EV SSL Certificates that GlobalSign SSL is already protected against the newly outlined threats to SSL detailed at the recent Black Hat Conference in Las Vegas – referred to as the Leading Null Character attack and the MD2 vulnerability.

The Leading Null Character attack, as highlighted by security researcher Moxie Marlinspike, allows attackers to trick browsers into believing an issued Certificate may be used on a domain to which it has not actually been issued.  This attack could theoretically be used in phishing and masquerading attacks.  GlobalSign Certificates do not allow the /0 character to be used in applications, and consequently GlobalSign SSL Certificates are not susceptible to this type of attack. 

Dan Kaminsky, director of penetration testing for IOActive, presented that Certificates using the Message Digest Algorithm 2 (MD2) may be subject to pre-image attacks later this year.  GlobalSign Certificates have never used the MD2 algorithm and have been using the SHA-1 algorithm for many years, an algorithm designed by the National Security Agency (NSA) and universally accepted by industry and Government as secure.  This is one of the longest uses of SHA-1 by any major Certificate Authority.  So again, GlobalSign SSL is not susceptible to this vulnerability.

 “GlobalSign has been issuing Certificates to provide the strongest SSL security since 1996, and we were one of the first Certificate Authorities to have the foresight to create and distribute a 2048 bit Root Certificate, “ says Steve Waite, Marketing Director with GlobalSign, “the fact that we already protect against these new vulnerabilities, as well as provide further assurances against future attacks with 2048 bit Root Certificates and free SGC security re-enforces our 12 year-plus commitment to providing the strongest SSL security for our customers.”

For more information on GlobalSign SSL please visit www.globalsign.com/ssl/
 




Comments (0 posted):

Post your comment comment
Please enter the code you see in the image:
  • email Email to a friend
  • print Print version
  • Plain text Plain text

 
Tags
No tags for this article

 
Rate this article
0

 
Featured author
David Dunlap David Dunlap has been both a Web host industry analyst and commentator for the past eight years. Prior to his active writing career, David was a network and communications technician for four years. He currently is the Editor-in-Chief for WebHostMagazine.com