Comodo SSL Certificates Safe from Black Hat Briefings Vulnerabilities
Comodo SSL Certificates Safe from Black Hat Briefings Vulnerabilities
[USPRwire, Wed Aug 19 2009] Certificates issued by Comodo are prey neither to the "Null Character attack" nor to the "MD2 vulnerability" recently revealed at the Black Hat Briefings in Las Vegas.
Moxie Marlinspike's "Null Character attack" tricks a vulnerable CA into issuing a certificate that includes a \0 character (NULL) within the domain name. This allows the attacker to fool a vulnerable web browser into trusting the certificate for a domain name that the CA did not validate. Comodo's CA systems have never been vulnerable to this attack.
Dan Kaminsky's "MD2 vulnerability" warns that pre-image attacks against the MD2 hash algorithm are likely to become possible within months. This would allow an attacker to construct trusted certificates that appear to have been issued by a trusted CA certificate that has an MD2-based digital signature. Comodo have never used the MD2 algorithm, so our CA systems and our customers' certificates will not be affected.
"Comodo is proud to announce that none of its certificates are vulnerable to either threat," said Melih Abdulhayoglu, CEO and Chief Security Architect of Comodo, the largest issuer of high-assurance digital certificates. "The study is interesting, but, fortunately, it does not apply to Comodo's certificates."
About the Black Hat Briefings
The Black Hat Briefings is a regular industry gathering of computer security and government professionals, as well as respected hackers. http://www.blackhat.com/
About Comodo
Comodo is a leading brand in Internet security, covering an extensive range of security software and services, including digital certificates, PCI scanning, desktop security, online faxing, and computer technical support services.
Business and consumers worldwide recognize Comodo as standing for security and trust. Comodo products secure and authentic online transactions for over 200,000 business and have more than 18,000,000 installations of Comodo desktop security software, including an award-winning firewall and antivirus software offered at no charge.
The Comodo family of companies is committed to continual innovation, core competencies in PKI, authentication, and malware detection and prevention. As a catalyst in eliminating online crime, the companies' mission is to establish a Trusted Internet.
With US headquarters overlooking Manhattan on New Jersey's waterfront and global resources in United Kingdom, China, India, Ukraine, and Romania, Comodo products offer intelligent security, authentication, and assurance.
Comodo -- Creating Trust OnlineŽ. For more information, visit Comodo's website.
For more information, reporters and analysts may contact:
Comodo Group, Inc
Newport Tower
525 Washington Blvd., Suite 1400
Jersey City, NJ 07310
Email: media-relations@comodo.com
+1 (201) 963 0004 x4073
