HEISE ONLINE has released a brace of online security testing tools to help guard web sites and wibblers from the vulnerabilities that might be created by weak Secure Sockets Layer (SSL) certificates. SSL certificates are widely used to secure online financial transactions.
Three weeks ago, news tipped up that a flaw in the Debian Linux distribution had led to the generation of many weak SSL certificates vulnerable to cracking by online cybercriminals.
Heise's two SSL checking tools include an over the network SSL check for websites and an SSL Guardian for web surfers.
The Heise network SSL test enables certificate owners, such as online businesses, to test the cryptographic strength of their own SSL certificates. If the https key submitted is found to be insecure, the network SSL test returns an error message that flags the key as vulnerable.
The SSL Guardian is a downloadable tool that can be installed by Internet users to alert them when it detects a vulnerable SSL certificate in use at a website. It then offers the user the options of continuing with the insecure transaction anyway, which is definitely not at all recommended, or aborting their access. It also offers the user the opportunity to report the vulnerable SSL certificate to Heise, which presumably will then alert the website operator.
Unfortunately, Heise has so far only released versions of its SSL Guardian that work under flavours of Microsoft Windows. µ
See Also
Debian, Ubuntu flawed for two years
OpenSSL bug found in Debian Linux
L'Inq
Heise
Why not just disallow it from trusting low-security certificates?

Is that useless or pointless?

( it *could* be, I don't know.. )