Serious Error in GeoTrust and RapidSSL SSL Certificates
(PRWEB) March 12, 2010 — SSL certificates from GeoTrust and RapidSSL have been issued incorrectly because of a faulty update to the systems of VeriSign, which manages both providers. Certificates issued from March 3 till March 12 are, by default, valid for the root domain as well. Networking4all, a Dutch provider of security certificates, has made a tool to verify whether a certificate is affected.
Several Certificate Authorities already add the additional domain to the certificate automatically. VeriSign recently decided to offer this service to customers of GeoTrust and RapidSSL as well, but an error crept into the implementation.

When applying for a certificate for www.yourdomain.com, users get the domain itself as well, that is, yourdomain.com without www. The problem arises when a certificate is requested for a subdomain, as happens with many Internet providers. If someone applies for a certificate for customer.domain.com, he gets domain.com for free as a SAN (Subject Alternative Name), because of the issuance bug at GeoTrust and RapidSSL.
The tool on www.ismysitesafe.com lets anyone who recently purchased a possibly affected certificate verify whether the certificate should be replaced.
For many sites the bug is harmless, and most people will not notice the error or make use of it. But a single individual abusing the situation is enough to punish VeriSign. For example, someone could deliberately request a certificate for a subdomain in order to eavesdrop on the root domain, for instance by using a man-in-the-middle attack.
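The check a certificate owner or auditor would make for this bug can be sketched as follows. This is an added example, not the logic of the ismysitesafe.com tool or any VeriSign code. It assumes certificates in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`, treats the "root domain" as the common name minus its first label, and uses constructed sample certificates; `check_certificate` and `sample` are hypothetical names.

```python
import ssl
from datetime import datetime, timezone

# Issuance window from the press release (March 3 to March 12, 2010, inclusive).
WINDOW = (datetime(2010, 3, 3, tzinfo=timezone.utc),
          datetime(2010, 3, 12, 23, 59, 59, tzinfo=timezone.utc))
BRANDS = ("geotrust", "rapidssl")


def check_certificate(cert):
    """Classify a certificate dict in ssl.SSLSocket.getpeercert() layout."""
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), "").lower()
    sans = {v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"}
    issuer = " ".join(v for rdn in cert.get("issuer", ()) for _, v in rdn).lower()
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)

    # Assumption: "root domain" = common name minus its first label.
    first_label, _, parent = cn.partition(".")
    if "." not in parent or parent not in sans:
        return "not-affected"        # no parent domain present as a SAN
    if first_label == "www":
        return "expected-www-san"    # intended www -> bare-domain behaviour
    in_scope = (WINDOW[0] <= issued <= WINDOW[1]
                and any(b in issuer for b in BRANDS))
    return "affected" if in_scope else "parent-san-out-of-scope"


def sample(cn, sans, not_before, org="GeoTrust (constructed)"):
    """Build a constructed certificate dict for the demonstration."""
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("organizationName", org),),),
            "subjectAltName": tuple(("DNS", s) for s in sans),
            "notBefore": not_before}


if __name__ == "__main__":
    certs = (
        sample("customer.domain.com", ["customer.domain.com", "domain.com"],
               "Mar  5 10:00:00 2010 GMT"),
        sample("www.yourdomain.com", ["www.yourdomain.com", "yourdomain.com"],
               "Mar  5 10:00:00 2010 GMT"),
        sample("customer.domain.com", ["customer.domain.com"],
               "Feb 20 10:00:00 2010 GMT"),
    )
    for c in certs:
        print(c["subject"][0][0][1], "->", check_certificate(c))
```

A result of `parent-san-out-of-scope` marks a certificate that carries the parent domain as a SAN but falls outside the issuers or dates named above, which still deserves a manual look.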