Netcraft's June SSL Survey has found that a significant number of SSL certificates are affected by the Debian OpenSSL vulnerability, including Extended Validation SSL certificates and certificates belonging to banks. The vulnerable certificates afford opportunities to create deceptive sites which use apparently valid SSL certificates, giving the user the impression that the site belongs to the certified organisation. In the case of EV certificates, browsers will also turn the address bar green, even though the certificate may be cloned. Debian OpenSSL flaw does not seem to be over yet. It was discovered a number of SSL certificates are affected by the Debian OpenSSL. This article looks at how this attack is possible.

The link for this article located at Netcraft is no longer available.