A security researcher, who last year demonstrated that X.509 certificate exchanges could carry malicious traffic, has now published his proof-of-concept code.
Fidelis Cybersecurity’s Jason Reaves has disclosed a covert channel that uses fields in X.509 extensions to sneak data out of corporate networks.
The X.509 standard defines the characteristics of public key certificates, and anchors much of the world’s public key infrastructure; for example, it defines the certificates exchanged at the start of a TLS session.
Source: The Register