30

Stories about: null byte poisoning

Rogue PayPal SSL Certificate Available in the Wild A forged SSL certificate that could allow an attacker to trick users of IE, Safari or Chrome on Windows into thinking that a fake PayPal page is legitimate, has been publicly released. The cert exploits an yet-to-be-patched null byte poisoning vulnerability in Microsoft's CryptoAPI.A few months back, during the ... 6 October 2009 05:57 GMT Mozilla Patches Recently Disclosed SSL Vulnerabilities Three SSL implementation vulnerabilities, some of which were publicly disclosed during the Black Hat security conference, have been addressed in the new Mozilla Firefox 3.5.2 and 3.0.13 versions. Patches for Thunderbird and SeaMonkey, which are also vulnerable, will be released at a later date. The Black Hat Briefin... 4 August 2009 05:00 GMT Researcher Spoofs the Entire Web with Wildcard SSL Certificate Security researcher Moxie Marlinspike demonstrated at the Black Hat security conference how an SSL certificate issued for a domain name containing a null byte could be used to spoof any address on the Web. The researcher incorporated the technique into a man-in-the-middle tool called SSLSniff, which he initially rele... 30 July 2009 10:17 GMT