SSL History and insecurities

  • Up to circa 2003, the implementation of certificate validation in Internet Explorer / Windows did not process the “Basic Constraints” extension properly. The net effect was that anybody with a 100$ certificate could act as a CA and issue “certificates” with arbitrarily chosen name and keys.

  • Because people never learn, the Microsoft implementation of SSL used in ASP.NET was still unpatched as of 2010 (eight years later!) when Rizzo and Duong reimplemented the Vaudenay attack and built a demonstration which recovered HTTP cookies.

certificates – How does SSL/TLS work? – Information Security Stack Exchange.

Great history on SSL. I hadn’t kept up on it for a while and was surprised to see how long Microsoft had left these vulnerabilities open. Also an interesting find I did not know about:

URLs are passed in Referrer headers – if a secure page uses resources, such as JavaScript, images or analytics services, the URL is passed in the Referrer request header of each embedded request. Sometimes the query string parameters may be delivered to and stored by third-party sites.

How Secure Are Query Strings Over HTTPS?
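
The leak described in the quote above can be audited from a page's own markup. The Python below is an added example, not code from this post or the quoted article: it lists which third-party origins would receive which query-parameter names in the referrer. The URL, HTML and all names are constructed, and it assumes the behaviour the quote describes (full page URL sent on embedded requests, except on HTTPS-to-HTTP downgrades).

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

# Tag/attribute pairs that make the browser fetch an embedded resource.
FETCHING_ATTRS = {("script", "src"), ("img", "src"), ("iframe", "src"), ("link", "href")}


class ResourceCollector(HTMLParser):
    """Collects absolute URLs of embedded resources from page markup."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in FETCHING_ATTRS:
                self.resources.append(urljoin(self.base_url, value))


def referer_exposure(page_url, html):
    """Map each third-party origin to the query parameter names it would see."""
    page = urlsplit(page_url)
    params = [k for k, _ in parse_qsl(page.query, keep_blank_values=True)]
    collector = ResourceCollector(page_url)
    collector.feed(html)
    exposure = {}
    for res in collector.resources:
        target = urlsplit(res)
        cross_origin = (target.scheme, target.netloc) != (page.scheme, page.netloc)
        # A secure page does not send its URL to a plain-HTTP resource.
        downgrade = page.scheme == "https" and target.scheme != "https"
        if params and cross_origin and not downgrade:
            exposure[f"{target.scheme}://{target.netloc}"] = params
    return exposure


# Constructed sample input (not from the original post).
SAMPLE_URL = "https://shop.example/reset?token=abc123&user=42"
SAMPLE_HTML = """
<script src="https://analytics.example/a.js"></script>
<link rel="stylesheet" href="/static/site.css">
<img src="https://cdn.example/logo.png">
<img src="http://legacy.example/pixel.gif">
<img src="images/banner.png">
"""
```

Running `referer_exposure(SAMPLE_URL, SAMPLE_HTML)` flags the analytics and CDN origins; keeping secrets such as reset tokens out of the query string removes the exposure entirely.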
