Security Featured Article

Customers of GlobalSign SSL and EV SSL Certificates are safe from the Leading Null Character attack and the MD2 vulnerability, which are used in phishing and masquerading attacks.

 

SSL certificates are digital certificates used in the security protocol on the Internet. Users who make purchase on the web often notice the closed lock icon at the top or bottom of their browser or the https:// prefix in the URL. This denotes that the SSL certificates have been issued for that web site. It also means that the browser has examined the signed certificate received from the Web site.

 

The Leading Null Character attack allows attackers to trick browsers into believing an issued certificate may be used on a domain to which it has not actually been issued. GlobalSign said that the company’s SSL certificates are not susceptible to this type of attack as they do not allow the /0 character to be used in applications.

 

“GlobalSign has been issuing Certificates to provide the strongest SSL security since 1996,” said Steve Waite, marketing director with GlobalSign, in a statement. “The fact that we already protect against these new vulnerabilities, as well as provide further assurances against future attacks with 2048 bit Root Certificates and free SGC (News - Alert) security re-enforces our 12 year-plus commitment to providing the strongest SSL security for our customers.”

 

GlobalSign Certificates have been using SHA-1 algorithm for many years, an algorithm designed by the National Security Agency (News - Alert) and universally accepted by industry and Government as secure. This provides protection from the vulnerability that arises from using the MD2 algorithm.

 

Recently, the company implemented a digital signature program with Clough Harbour & Associates. With this, the partners of CHA can electronically sign documents using GlobalSign's DocumentSign Digital IDs for Adobe PDF solution. This capability will help CHA improve document delivery efficiency and improve its productivity. GlobalSign's DocumentSign solution provided CHA with access to digital signatures using Adobe Acrobat.