LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)

[Posted June 16, 2008 by jake]

SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)
[Security] Posted Jun 16, 2008 18:22 UTC (Mon) by jake

Netcraft has discovered a "significant number" of bad SSL certificates due to the recent Debian OpenSSL flaw. Some Extended Validation (EV) certificates are among those they found that were generated with the vulnerable code. "The vulnerable certificates afford opportunities to create deceptive sites which use apparently valid SSL certificates, giving the user the impression that the site belongs to the certified organisation. In the case of EV certificates, browsers will also turn the address bar green, even though the certificate may be cloned."

Comments (21 posted)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds