WISeKey QuoVadis

News and Events

Researchers find SSL weakness in browsers
10 Aug 2009

Two American researchers have checked the authentication workflows of certification authorities. They found out how they could get an SSL certificates for websites that do not belong to them by manipulating their certificate requests. With the help of an added “\0” (or NULL), in some browsers they are able to spoof users that they are viewing a real site where in fact they are seeing an imposter site. The user, trusting the allegedly secure site, sends his personal data to the Hacker.

This attack can be accomplished wherever SSL certificates are issued by an automated process that only relies on domain validation.

When QuoVadis issues a certificate, all data is verified by the QuoVadis Registration Authority staff. This excludes the possibility of manipulating the URL Address. QuoVadis SSL certificates stand for verified authenticity and trust.

To indicate the trustworthiness of your website to the outside even better, we recommend the use of QuoVadis EV SSL certificates (“the ones with the green address bar”).

Further information about this newest incident can be found here

More information about QuoVadis EV SSL certificates can be found here.