Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

GlobalSign certificates not susceptible to MD2 vulnerability

GlobalSign : 10 August, 2009  (Technical Article)
The recently identified MD2 vulnerability threat to SSL security measures does not affect SSL and EV SSL Certificates from GlobalSign
GlobalSign has reassured customers using GlobalSign SSL and EV SSL Certificates that GlobalSign SSL is already protected against the newly outlined threats to SSL detailed at the recent Black Hat Conference in Las Vegas - referred to as the Leading Null Character attack and the MD2 vulnerability.

The Leading Null Character attack, as highlighted by security researcher Moxie Marlinspike, allows attackers to trick browsers into believing an issued Certificate may be used on a domain to which it has not actually been issued. This attack could theoretically be used in phishing and masquerading attacks. GlobalSign Certificates do not allow the /0 character to be used in applications, and consequently GlobalSign SSL Certificates are not susceptible to this type of attack.

Dan Kaminsky, director of penetration testing for IOActive, presented that Certificates using the Message Digest Algorithm 2 (MD2) may be subject to pre-image attacks later this year. GlobalSign Certificates have never used the MD2 algorithm and have been using the SHA-1 algorithm for many years, an algorithm designed by the National Security Agency (NSA) and universally accepted by industry and Government as secure. This is one of the longest uses of SHA-1 by any major Certificate Authority. So again, GlobalSign SSL is not susceptible to this vulnerability.

'GlobalSign has been issuing Certificates to provide the strongest SSL security since 1996, and we were one of the first Certificate Authorities to have the foresight to create and distribute a 2048 bit Root Certificate, ' says Steve Waite, Marketing Director with GlobalSign, 'the fact that we already protect against these new vulnerabilities, as well as provide further assurances against future attacks with 2048 bit Root Certificates and free SGC security re-enforces our 12 year-plus commitment to providing the strongest SSL security for our customers.'

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo