Mike Chelen, posted July 31, 2009

If you apply for a certificate, the certificate authority looks at the common name on the form and contacts the domain owner. The CA ignores the subdomain. The trick is to drop in a null character in the subdomain. If you register www.paypal.com[null character].thoughtcrime.org, the CA will contact the owner of thoughtcrime.org and issue the cert. When clients like Firefox use NSS to verify the cert, the null character causes them to think the certificate is valid for www.paypal.com because they stop at the null character. Even if the person examines the cert in their browser, it will show www.paypal.com.

From the Black Hat presentation: http://hackaday.com/2009/07/29/black-hat-2...ull-characters/

Probably browsers will be patched soon; still kind of shocking to know such flaws exist.
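The mismatch the post describes, as an added example that is not part of the original post or of the Black Hat talk: a DER string is length-prefixed, so the certificate can carry a NUL byte in its common name; a client that copies that CN into a C string and compares it with strcmp stops at the NUL, while the CA's registration system, working on the full length-delimited name, derives the domain to contact from the last two labels. The function names, the struct, and the sample CN bytes are constructed here for illustration and are not NSS code.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/*
 * A subject CN as it sits in a DER-encoded certificate: a length field
 * followed by the raw bytes. Because the encoding is length-prefixed, a
 * NUL is just another byte to the encoder. (Constructed sample, not a
 * real certificate.)
 */
typedef struct {
    const unsigned char *data;
    size_t len;
} der_string;

/* Vulnerable client check: copy the CN into a C string and strcmp it.
 * strcmp stops at the first NUL, so "www.paypal.com\0.thoughtcrime.org"
 * compares equal to "www.paypal.com". */
bool cn_matches_vulnerable(const der_string *cn, const char *host)
{
    char buf[256];
    if (cn->len >= sizeof buf)
        return false;
    memcpy(buf, cn->data, cn->len);
    buf[cn->len] = '\0';
    return strcmp(buf, host) == 0;
}

/* Fixed client check: honour the DER length. An embedded NUL is never a
 * legal hostname byte, so reject it outright; then require the lengths
 * to match and every byte to agree. */
bool cn_matches_fixed(const der_string *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;
    size_t hlen = strlen(host);
    if (hlen != cn->len)
        return false;
    return memcmp(cn->data, host, cn->len) == 0;
}

/* CA side of the story (simplified assumption of the behaviour the post
 * describes): the registration system handles the submitted name as
 * length-delimited data and picks the domain to contact from the last
 * two labels, so it sees thoughtcrime.org, not www.paypal.com. */
der_string ca_validation_domain(const der_string *cn)
{
    size_t dots = 0;
    size_t i = cn->len;
    while (i > 0) {
        i--;
        if (cn->data[i] == '.' && ++dots == 2) {
            der_string d = { cn->data + i + 1, cn->len - i - 1 };
            return d;
        }
    }
    return *cn; /* fewer than two dots: the whole thing is the domain */
}

/* The null-prefix CN: 14 bytes, a NUL, then ".thoughtcrime.org".
 * sizeof counts the terminator the compiler appends; exclude it. */
static const unsigned char NULL_PREFIX_CN[] = "www.paypal.com\0.thoughtcrime.org";
static const der_string NULL_PREFIX = { NULL_PREFIX_CN, sizeof NULL_PREFIX_CN - 1 };

static const unsigned char HONEST_CN[] = "www.paypal.com";
static const der_string HONEST = { HONEST_CN, sizeof HONEST_CN - 1 };

int main(void)
{
    der_string ca = ca_validation_domain(&NULL_PREFIX);
    printf("CA validates against: %.*s\n", (int)ca.len, ca.data);
    printf("vulnerable client, null-prefix cert for www.paypal.com: %s\n",
           cn_matches_vulnerable(&NULL_PREFIX, "www.paypal.com") ? "ACCEPTED" : "rejected");
    printf("fixed client,      null-prefix cert for www.paypal.com: %s\n",
           cn_matches_fixed(&NULL_PREFIX, "www.paypal.com") ? "ACCEPTED" : "rejected");
    printf("fixed client,      honest cert for www.paypal.com:      %s\n",
           cn_matches_fixed(&HONEST, "www.paypal.com") ? "ACCEPTED" : "rejected");
    return 0;
}
```

The CN the CA validated and the CN the client compared are the same 32 bytes; only the two parsers disagree about where the name ends. Rejecting any embedded NUL, rather than just comparing lengths, also covers the case where the attacker pads the tail so the lengths happen to match.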