SharedCopy: Vulnerabilities Allow Attacker to Impersonate Any Website | Threat Level

Post to Basecamp Project ^cancel

Update Twitter ^cancel

UsernameTwitter username
PasswordTwitter password
StatusOptional; max 100 characters: Basically when these vulnerable browsers check the domain name contained in the attacker’s certifi

Bookmark on Del.icio.us ^cancel

Send E-mail ^cancel

Post to a Blog ^cancel

Post to Backpack ^cancel

Post to Trac ^cancel

Post to Bugzilla ^cancel

Post to a Tumblr ^cancel

Update Friendfeed ^cancel

NicknameFriendfeed nickname
Remote KeyGet it at http://friendfeed.com/remotekey
CommentOptional: Basically when these vulnerable browsers check the domain name contained in the attacker’s certificate, they stop reading any characters that follow the “\0″ in the name. More significantly, an attacker can also register a wildcard domain, such as *\0.badguy.com, which would then give him a certificate that would allow him to masquerade as any site on the internet and intercept communication.

Posterous ^cancel

Sharedcopy