[Owasp-leaders] Fake SSL Certs flood market

Jason Johnson jason.johnson at p7n.net
Fri Feb 14 22:49:22 UTC 2014


All my sites use them... Remember LOLROOT they got owned by the GOV. (I
choose who I trust)

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Friday, February 14, 2014 4:45 PM
To: Gregory Disney
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Fake SSL Certs flood market

These fake certs are not signed by a CA. Although bad, browsers will give
strong warnings that these are fraudulent. Cert pinning is not even
necessary here; standard CA verification is all that is needed.
Anyone can create a fake cert like this in two minutes. Why is this new?

--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 14, 2014, at 11:27 PM, Gregory Disney <gregory.disney at owasp.org> wrote:
>
> http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
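The standard CA verification mentioned in the quoted reply, as an added example that is not part of the original thread: a self-signed certificate claiming a hostname is rejected when checked against a trust store holding only the issuing CA, and passes only when the verifier's trust anchor is the certificate itself. The hostname, CA name and file names are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example. Hostname, CA name and file names are constructed.

# Build a throwaway private CA (stands in for a CA in the client's trust store).
make_ca() {  # $1 = work dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1
}

# Issue a leaf certificate for hostname $2, signed by that CA.
issue_leaf() {  # $1 = work dir, $2 = hostname
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" >/dev/null 2>&1
}

# Self-signed certificate claiming the same hostname: no CA signature at all.
make_selfsigned() {  # $1 = work dir, $2 = hostname
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/fake.key" -out "$1/fake.pem" >/dev/null 2>&1
}

# Chain verification with $2 as the trusted CA file; prints "trusted" or "rejected".
check_cert() {  # $1 = certificate, $2 = trust store (PEM)
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo rejected
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_ca "$d" && issue_leaf "$d" www.example.test && make_selfsigned "$d" www.example.test
  echo "CA-signed leaf vs CA store:   $(check_cert "$d/leaf.pem" "$d/ca.pem")"
  echo "self-signed cert vs CA store: $(check_cert "$d/fake.pem" "$d/ca.pem")"
  # A verifier whose only trust anchor is the presented certificate accepts it:
  echo "self-signed cert vs itself:   $(check_cert "$d/fake.pem" "$d/fake.pem")"
  rm -rf "$d"
}
demo
```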