GlobalSign SSL, EV SSL Certificates Protected Against New SSL Attacks
Customers safe from Leading Null Character attack and the MD2 vulnerability, company says
August 7, 2009
PRESS RELEASE
Portsmouth, NH, August 5, 2009 " GlobalSign today reassured customers using GlobalSign SSL and EV SSL Certificates that GlobalSign SSL is already protected against the newly outlined threats to SSL detailed at the recent Black Hat Conference in Las Vegas " referred to as the Leading Null Character attack and the MD2 vulnerability.
The Leading Null Character attack, as highlighted by security researcher Moxie Marlinspike, allows attackers to trick browsers into believing an issued Certificate may be used on a domain to which it has not actually been issued. This attack could theoretically be used in phishing and masquerading attacks. GlobalSign Certificates do not allow the /0 character to be used in applications, and consequently GlobalSign SSL Certificates are not susceptible to this type of attack.
Dan Kaminsky, director of penetration testing for IOActive, presented that Certificates using the Message Digest Algorithm 2 (MD2) may be subject to pre-image attacks later this year. GlobalSign Certificates have never used the MD2 algorithm and have been using the SHA-1 algorithm for many years, an algorithm designed by the National Security Agency (NSA) and universally accepted by industry and Government as secure. This is one of the longest uses of SHA-1 by any major Certificate Authority. So again, GlobalSign SSL is not susceptible to this vulnerability.
"GlobalSign has been issuing Certificates to provide the strongest SSL security since 1996, and we were one of the first Certificate Authorities to have the foresight to create and distribute a 2048 bit Root Certificate, " says Steve Waite, Marketing Director with GlobalSign, "the fact that we already protect against these new vulnerabilities, as well as provide further assurances against future attacks with 2048 bit Root Certificates and free SGC security re-enforces our 12 year-plus commitment to providing the strongest SSL security for our customers."
For more information on GlobalSign SSL please visit www.globalsign.com/ssl/
About GlobalSign Established in 1996 and as a WebTrust accredited public certificate authority, GlobalSign offers publicly trusted SSL, including EV SSL Certificates, S/MIME and Code Signing Certificates for use on all platforms including mobile devices. Its Trusted Root solution uses the widely distributed GlobalSign Root CA certificates to provide immediate PKI trust for Microsoft CA and enterprise CAs, eliminating the costs associated with using untrusted Root Certificates. Its partnership with Adobe to provide Certified Document Services (CDS) enables secure digitally signed PDF e-documents. These core Digital Certificate solutions allow its thousands of customers to conduct secure online transactions and data transfer, distribute tamper-proof code, and bind identities to client certificates for email security and remote two factor authentication. The company has a history of innovation within the online security market and has offices in the US, UK, Belgium, Japan, and China.
About GMO Internet Group GMO Internet Group, headquartered in Japan, is a leading force in the Internet industry offering one of the most comprehensive ranges of Internet services worldwide. The group holds top domestic market share in domain registration, web hosting, and payment processing and provides a host of other Internet services including global online security services, e-commerce solutions, and Internet advertising to both businesses and individuals. At the centre of the group is GMO Internet, Inc. a company listed on the prestigious first section of the Tokyo Stock Exchange (TSE: 9449). Please visit www.gmo.jp/en for further details.
For further details please contact: Steve Waite GlobalSign Ltd 603-507-7060 [email protected]
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024