GlobalSign® Corporate Information

GlobalSign SSL & EV SSL Certificates not susceptible to latest SSL vulnerabilities

GlobalSign SSL Certificates already safe from “Leading Null Character attack” and “MD2 vulnerability” presented at recent Black Hat Conference

August 4, 2009 – GlobalSign today reassured its customers using GlobalSign SSL or EV SSL Certificates that GlobalSign SSL is already protected against the newly outlined threats to SSL detailed at the recent Black Hat Conference in Las Vegas – referred to as the Leading Null Character attack and the MD2 vulnerability.

The Leading Null Character attack, as highlighted by security researcher Moxie Marlinspike, allows attackers to trick browsers into believing an issued Certificate may be used on a domain to which is has not actually been issued.  This attack could theoretically be used in phishing attacks and masquerading attacks.  GlobalSign Certificates do not allow the /0 character to be used in the application process, and consequently GlobalSign SSL Certificates are not susceptible to this type of attack.

Dan Kaminsky, director of penetration testing for IOActive, presented that Certificates using the Message Digest Algorithm 2 (MD2) may be subject to pre-image attacks later this year.  GlobalSign Certificates have never used the MD2 algorithm and have been using the SHA-1 algorithm for many years, an algorithm designed by the National Security Agency (NSA) and universally accepted by industry and Government as secure.  This is one of the longest uses of SHA-1 by any major Certificate Authority.  So again, GlobalSign SSL is not susceptible to this vulnerability.

“GlobalSign has been issuing Certificates to provide the strongest SSL security since 1996, and we were one of the first Certificate Authorities to have the foresight to create and distribute a 2048 bit Root Certificate, “ says Steve Waite, Marketing Director with GlobalSign, “the fact that we already protect against these new vulnerabilities, as well as provide further assurances against future attacks with 2048 bit Root Certificates and free SGC security re-enforces our 12 year-plus commitment to providing the strongest SSL security for our customers.”

For more information on GlobalSign SSL please visit www.globalsign.eu/ssl/

About GMO GlobalSign
Established in 1996 and as a WebTrust accredited public certificate authority, GlobalSign offers publicly trusted SSL Certificates, EV SSL, Managed SSL Services, S/MIME email security and Code Signing for use on all platforms including mobile devices. Its Trusted Root solution uses the widely embedded GlobalSign Root CA certificates to provide immediate PKI trust for Microsoft Certificate Services and internal PKI, eliminating the costs of using untrusted Root Certificates. Its partnership with Adobe to provide Certified Document Services (CDS) enables secure digitally signed PDF documents, certified transcripts and e-invoices.  These core Digital Certificate solutions allow its thousands of authenticated customers to conduct secure online transactions, data transfer, distribution of tamper-proof code, and protection of online identities for secure email and access control.  The company has a history of innovation within the online security industry and has offices in the US, UK, Belgium, Japan, China and Singapore.

GMO Internet Group
GMO Internet Group is one of the most comprehensive providers of industry-leading Internet services worldwide. As well as domain registration, web hosting, ecommerce, and payment processing businesses that each hold the top share in their respective markets in Japan, services operated by the group include Internet advertising, search engine marketing and research. Global online security brand GlobalSign and major Japanese online securities brokerage, GMO CLICK Securities are also group members. In 2011 a new Social Media & Smartphone Platform segment was established bringing together group initiatives in social apps development, flash marketing and Android apps distribution. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. Please visit www.gmo.jp/en for more information.

For further details please contact:

GlobalSign Australia
(AU free call) 1800 447 568