[http://www.h-online.com/security/SSL-flaw-revealed-at-Black-Hat--/news/113880]
Problem here appears to be assuming the input to be a C-type (NULL terminated) string, instead of checking the actual input string length.

=====
SSL flaw revealed at Black Hat

[...]

The flaw both Marlinspike and Kaminsky have identified is that adding a null character into the string supplied as the domain name will get the CA to issue a fake certificate that browsers will accept as genuine. Marlinspike's example: www.paypal.com\0.thoughtcrime.org. "In most implementations of SSL," he told the Black Hat audience, "this certificate is completely valid for www.paypal.com." Implementations at risk include browsers, email clients, chat clients, and even SSL VPNs. A user will have no way of detecting a man-in-the-middle attack.

[...]
=====

--
Soh Kam Yung
my Google Reader Shared links:
(http://www.google.com/reader/shared/16851815156817689753)
my Google Reader Shared SFAS links:
(http://www.google.com/reader/shared/user/16851815156817689753/label/sfas)
_______________________________________________
Slugnet mailing list
[email protected]
http://wiki.lugs.org.sg/LugsMailingListFaq
http://www.lugs.org.sg/mailman/listinfo/slugnet
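The string-length point above, as an added example that is not part of the original post or the quoted article: a hostname check that reads the certificate name as a C string next to one that uses the decoded length and rejects embedded NUL bytes. The struct, function names and sample values are hypothetical and constructed for illustration; wildcard matching is not covered.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as decoded from the certificate: raw bytes plus an explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed samples: the article's name (32 bytes, NUL at offset 14) and a clean one. */
static const unsigned char EVIL_BYTES[] = "www.paypal.com\0.thoughtcrime.org";
static const unsigned char GOOD_BYTES[] = "WWW.PayPal.com";
static const struct cert_name EVIL = { EVIL_BYTES, sizeof EVIL_BYTES - 1 };
static const struct cert_name GOOD = { GOOD_BYTES, sizeof GOOD_BYTES - 1 };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed: views the name as a C string, so everything after the first NUL is ignored.
 * (Relies on the buffer being NUL-terminated, which the samples are.) */
int match_cstring(const struct cert_name *cn, const char *host) {
    size_t seen = strlen((const char *)cn->data);
    return seen == strlen(host) && eq_nocase(cn->data, host, seen);
}

/* Length-aware: uses the decoded length and rejects any name containing a NUL byte. */
int match_length_aware(const struct cert_name *cn, const char *host) {
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                       /* no valid DNS name contains NUL */
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

int main(void) {
    const char *host = "www.paypal.com";
    printf("name length in certificate: %zu bytes\n", EVIL.len);
    printf("C-string check accepts:     %d\n", match_cstring(&EVIL, host));
    printf("length-aware check accepts: %d\n", match_length_aware(&EVIL, host));
    printf("clean name still accepted:  %d\n", match_length_aware(&GOOD, host));
    return 0;
}
```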
