New Browser Flaw Weakens EV SSL Trust

July 2009
Channel Insider;7/21/2009, p1
The article reports on the new extended validation SSL (EV SSL) certificates discovered by computer application program developers Mike Zusman and Alex Sotirov. The new EV SSL certificates are designed to combat the trust problems with normal domain validation SSL certificates (DV SSL). Zusman and Sotirov describe the assurance provided by a green glowing bar in the browser, and explain how they were able to take advantage of browser vulnerabilities to perpetrate two different attacks.


Related Articles

  • Design and implementation of a lightweight online certificate validation service. Muñoz, Jose; Esparza, Oscar; Forné, Jordi; Pallares, Esteve // Telecommunication Systems;Jul2009, Vol. 41 Issue 3, p229 

    A PKI (public key infrastructure) provides for a digital certificate that can identify an individual or an organization. However, the existence of a certificate is a necessary but not sufficient evidence for its validity. The PKI needs to provide applications that use certificates with the...

  • Two-party generation of DSA signatures. MacKenzie, Philip; Reiter, Michael K. // International Journal of Information Security;2004, Vol. 2 Issue 3/4, p218 

    We describe a means of sharing the DSA signature function, so that two parties can efficiently generate a DSA signature with respect to a given public key but neither can alone. We focus on a certain instantiation that allows a proof of security for concurrent execution in the random oracle...

  • On the Construction of Efficient Private Signature Scheme. Baoyuan Kang; Hao Xu; Yongzhen Niu // Applied Mechanics & Materials;2014, Issue 548-549, p1343 

    Private signature is a signature which provides signature privacy and restricted transference. Using the private scheme a user can sign a message in such a way that only a designated verifier can verify the signature. In some cases, the signer may want to preserve the privacy forever, which...

  • I'm An Alien -- An Illegal Alien. MacLeod, Calum // Software World;Jul2011, Vol. 42 Issue 4, p16 

    In this article the author shares his views on the failure of the information technology (IT) security world to properly implement best practices associated with the expiry of encryption keys and certificates. He discusses several ways of managing certificates which include tracking certificate...

  • Practical Certificateless Aggregate Signatures from Bilinear Maps. ZHENG GONG; YU LONG; XUAN HONG; KEFEI CHEN // Journal of Information Science & Engineering;Nov2010, Vol. 26 Issue 6, p2093 

    No abstract available.

  • CA Certificate.  // Network Dictionary;2007, p81 

    A definition of the term "CA Certificate" is presented. It refers to digital certificates issued by one certificate authority for another certification authority (CA). These certificates are used to identify the CA that issues server and client authentication certificates to the servers and...

  • A New Certificateless Forward Secure Proxy Signcryption Scheme. Kening Liu; Junyao Ye; Yinglian Wang // Applied Mechanics & Materials;2014, Issue 685, p659 

    This paper proposes a new certificateless forward secure proxy signcryption scheme based on DLP. Compared with other similar schemes, the scheme has overcome the key escrow problem in ID-based cryptography and the certificate saving problem in PKI cryptography. The scheme has some good nature, such...

  • Microsoft sold on smart cards.  // Network World;3/22/2004, Vol. 21 Issue 12, p25 

    Reports that Microsoft Corp. is requiring every one of its 55.200 employees to use smart cards that contain encryption-based digital certificates for preventing computer security break-ins. Microsoft switched from passwords to smart cards, palm-sized computers that store personal information....

  • Why Are The Hackers Targeting Certificate Authorities And What Can You Do About It? MacLeod, Calum // Software World;Mar2012, Vol. 43 Issue 2, p15 

    The article discusses the importance for certificate authority (CA) third-party trust providers to expand the protection of their encryption measures. He notes the increasing number of security companies that were under attack by hackers, sending concern throughout the industry since they failed...

