[SSL Observatory] Syrian fake certificate for Facebook
Andy Isaacson
adi at hexapodia.org
Thu May 5 22:24:15 PDT 2011
On Fri, May 06, 2011 at 05:20:05PM +1200, Peter Gutmann wrote:
> katmagic <the.magical.kat at gmail.com> writes:
>
> >https://www.eff.org/files/syrian-facebook-attack.pem
>
> Thanks. OK, it's something weird, note the 512-bit key, and the
> basicConstraints is non-critical. OTOH they got the 64-bit serial number
> signedness right. Anyone have any ideas wot done it? It doesn't look like
> Windows, OpenSSL, or Entrust.
Am I reading this right?
78 16: SEQUENCE {
<06 03>
80 3: OBJECT IDENTIFIER localityName (2 5 4 7)
: (X.520 DN component)
<0C 09>
85 9: UTF8String 'Alto Palo'
"Alto Palo"? Amusing typo.
Also interesting that it uses UTF8String rather than PrintableString.
-andy
More information about the Observatory
mailing list