Home > slashdot > Become an SSLAdmin In a Few Easy Steps

Become an SSLAdmin In a Few Easy Steps

April 18th, 2010 04:15 admin Leave a comment Go to comments

Renderer of Evil writes “With news that it is rather simple to mimic authority with many webmail providers in order to coax an SSL certificate authority into creating one for the domain, a Canadian security expert has decided to take it upon himself to see who out there is actually vulnerable and provide information to the public on how prevalent this issue is as we speak. Out of eleven webmail services chosen at random and without prejudice, just under half of them permitted him to register with credentials (ssladmin) that allowed him to create an SSL certificate in their name. In most of these cases, there was a pre-existing, legitimately-acquired certificate.”

Source: Become an SSLAdmin In a Few Easy Steps

Related Articles:

  1. Thousands of SSL Certs Issued To Unqualified Names
  2. Certificate Blunders May Mean the End For DigiNotar
  3. Microsoft, Mozilla and Google Ban Malaysian Intermediate CA
  4. Mob-Sourcing — the Prejudice of Crowds
  5. An Interactive Graph of the Certificate Authority Ecosystem
blog comments powered by Disqus