Update: The video of [Moxie]’s presentation is now online.
[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.
If you apply for a certificate, the certificate authority looks at the common name on the form and contacts the domain owner. The CA ignores the subdomain. The trick is to drop in a null character in the subdomain. If you register, http://www.paypal.com[null character].thoughtcrime.org, the CA will contact the owner of thoughtcrime.org and issue the cert. When clients like Firefox use NSS to verify the cert, the null character causes them to think the certficate is valid for http://www.paypal.com because they stop at the null character. Even if the person examines the cert in their browser, it will show http://www.paypal.com.
Wildcards work as well. You could get a certificate for *[null character].thoughtcrime.org and appear as any site you want. [Moxie] has worked out ways to prevent certificate revocation and browser updates too. This new code will be part of sslsniff 0.6.
[Apologies for the odd notation. WordPress apparently strips null characters…]