Archive for July, 2009



23
Jul
Comments Off on Are EV SSL certificates insecure?

Are EV SSL certificates insecure?

Today Intrepidus Group reported that EV SSL certificates are susceptible to a “Man-in-the-Middle” attack.

Zusman and Sotirov call their attack “SSL Rebinding” and claim that it can be used to sniff sensitive data as it leaves the user’s browser or to conduct a browser cache poisoning attack against EV SSL Web sites.

This is a major blow to EV SSL certificates and their significantly higher price tag. Something like this is significant enough, that if you are using an EV SSL, it may be a good idea to downgrade until the exploit is fixed.

Copyright © 2024 The Ecommerce Blog, Jamie Estep, All Rights Reserved · Theme design by Themes Boutique