At the Black Hat USA 2009 conference, Dan Kaminsky and Moxie Marlinspike presented a way to trick SSL certificate verification implementations into incorrectly checking the host name against the CommonName (CN) or subjectAltName (SAN) given in the server certificate. This flaw can be used in MITM attacks against SSL clients. For details, see Moxie's presentation:
The certificates here can be used to test various SSL implementations for this flaw. Files here include:
For testing, make sure the name www.bank.com resolves to the IP address of your test server, and use that name when connecting.
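The flaw the test certificates exercise is the null-prefix problem from Moxie's talk: a CN such as www.bank.com followed by a NUL byte and a second domain is accepted when the verifier compares the ASN.1 value as a C string, because the comparison stops at the NUL. The following is an added example, not code from this page or from any of the implementations it tests; it contrasts that vulnerable comparison with a length-honouring one on a constructed CN (the ".evil.example" suffix is a made-up name).

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <stddef.h>

/* Constructed sample: the CN bytes an X.509 parser would return as an
 * ASN.1 string with an explicit length.  Viewed as a C string the value
 * ends at "www.bank.com"; the real encoded name is 26 bytes long. */
static const unsigned char SAMPLE_CN[] = "www.bank.com\0.evil.example";
static const size_t SAMPLE_CN_LEN = sizeof(SAMPLE_CN) - 1; /* 26 */

/* Vulnerable pattern: the encoded length is ignored and the value is
 * compared as a NUL-terminated string, so the embedded NUL hides the
 * rest of the name and the check passes. */
int match_cn_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened check: reject any NUL inside the encoded name, require the
 * encoded length to equal the host name length, then compare exactly
 * that many bytes case-insensitively. */
int match_cn_safe(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                       /* NUL inside the name: reject */
    if (cn_len != strlen(host))
        return 0;                       /* lengths must agree exactly */
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    printf("naive match for www.bank.com: %d\n",
           match_cn_naive(SAMPLE_CN, SAMPLE_CN_LEN, "www.bank.com"));
    printf("safe  match for www.bank.com: %d\n",
           match_cn_safe(SAMPLE_CN, SAMPLE_CN_LEN, "www.bank.com"));
    return 0;
}
```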
Last update: Fri Aug 7 10:00:53 GMT 2009