Comodo SSL Certificates Safe from Black Hat Briefings Vulnerabilities

Certificates issued by Comodo are prey neither to the "Null Character attack" nor to the "MD2 vulnerability" revealed at the Black Hat Briefings in Las Vegas.

Moxie Marlinspike's "Null Character attack" tricks a vulnerable CA into issuing a certificate that includes a \0 character (NULL) within the domain name. This allows the attacker to fool a vulnerable web browser into trusting the certificate for a domain name that the CA did not validate. Comodo's CA systems have never been vulnerable to this attack.

Dan Kaminsky's "MD2 vulnerability" warns that pre-image attacks against the MD2 hash algorithm are likely to become possible within months. This would allow an attacker to construct trusted certificates that appear to have been issued by a trusted CA certificate that has an MD2-based digital signature. Comodo have never used the MD2 algorithm, so its CA systems and customers' certificates will not be affected.

write your comments about the article :: 2009 Computing News :: home page