[Owasp-leaders] Fake SSL Certs flood market

Jim Manico jim.manico at owasp.org
Fri Feb 14 22:44:44 UTC 2014


These fake certs are not signed by a CA. Although bad, browsers will
give strong warnings that these are fraudulent. Cert pinning is not
even necessary here, standard CA verification is all that is needed.
Anyone can create a fake cert like this in two minutes. Why is this
new?

--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 14, 2014, at 11:27 PM, Gregory Disney <gregory.disney at owasp.org> wrote:
>
> http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list