found this quite interesting! figured this'd be of interest to the backtrack community

[Noisebridge-discuss] Merry Certmas! CN=*\x00thoughtcrime.noisebridge.net
Jacob Appelbaum jacob at appelbaum.net
Tue Sep 29 22:51:33 PDT 2009

Hello *,

In the spirit of giving and sharing, I felt it would be nice to enable other Noisebridgers (and friends of Noisebridge) to play around with bugs in SSL/TLS.

Moxie was just over and we'd discussed releasing this certificate for some time. He's already released a few certificates and I thought I'd join him. In celebration of his visit to San Francisco, I wanted to release fun-times-at-moxie-marlinspike-high. This is a text file that contains a fully valid, signed certificate (with private key) that can be used to exploit the NULL certificate prefix bug[0]. The certificate is valid for * on the internet (when exploiting libnss software). The
certificate is good for two years. It won't work for exploiting the bug for software written with the WIN32 api, they don't accept (for good reason) *! I suggest the use of Moxie's sslsniff[1] if you're so inclined to try network related testing. It may also be useful for testing code signing software.

It's been long enough that everyone should be patched for this awesome class of bugs. This certificate and corresponding private key should help people test fairly obscure software or software they've written themselves. I hope this release will help with confirmation of the bug and with regression testing. Feel free to use this certificate for anything relating to free software too. Consider it released into the public domain of interesting integers.

Enjoy!

Best,
Jacob

[0] http://thoughtcrime.org/papers/null-prefix-attacks.pdf
[1] Moxie Marlinspike >> software >> sslsniff
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fun-times-at-moxie-marlinspike-high
Url: http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20090929/64249b18/attachment.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 155 bytes
Desc: OpenPGP digital signature
Url : http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20090929/64249b18/attachment.pgp
anyone played with this yet?