QuoVadis - Constant Protection for your online business
Click to search.
Corporate
Management
Clients
Partners
Business Partners
Technology Partners
Accreditations
News/Events

News/Events

Tagesanzeiger of 4th August 2009: "Hackers find weakness in web browsers"
5 Aug 2009

Two American researchers have checked the authentication workflows of certification authorities. They found out how they could get an SSL certificates for websites that do not belong to them by manipulating their certificate requests. With the help of an added “\0” (or NULL), in some browsers they are able to spoof users that they are viewing a real site where in fact they are seeing an imposter site. The user, trusting the allegedly secure site, sends his personal data to the Hacker.

This attack can be accomplished wherever SSL certificates are issued by an automated process that only relies on domain validation.

When QuoVadis issues a certificate, all data is verified by the QuoVadis Registration Authority staff. This excludes the possibility of manipulating the URL Address. QuoVadis SSL certificates stand for verified authenticity and trust.

To indicate the trustworthiness of your website to the outside even better, we recom-mend the use of QuoVadis EV SSL certificates (“the ones with the green address bar”).

Further information about this newest incident can be found here:
http://www.hacker.tagesanzeiger.ch
http://www.wired.com/threatlevel/2009/07/kaminsky/

More information about QuoVadis EV SSL certificates can be found here

QuoVadis provides managed digital certificate services for enterprises and governments. QuoVadis identity services include Public Key Infrastructure (PKI); Digital Certificates for authentication, encryption, and digital signature; SSL Certificates and Extended Validation SSL for websites; Time-stamping; and Root Signing for internal PKI. QuoVadis is a Qualified Certification Services Provider (CSP) in Switzerland, the Netherlands, and Bermuda and holds the WebTrust seal. The QuoVadis Root Certificates are trusted in major browsers and operating systems.

Repository | Site Map | Terms of Use | Privacy

© 2000-2010 QuoVadis. All Rights Reserved.