View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 13, 2015

Poodle bug afflicts John McAfee SSL start-up

BlackCert prepares to sell certificates, but website appears vulnerable to SSL bug.

By Jimmy Nicholls

The website of John McAfee’s certificate authority start-up appears to be hamstrung by an embarrassing instance of the Poodle bug, affecting the very technology the firm intends to flog.

BlackCert, which will sell SSL certificates used to authenticate two communicating parties online, came out of stealth earlier this week, but according to Qualys SSL Labs’ domain check the web server is vulnerable to Poodle.

Discovered by Google researchers last October, the 15-year-old flaw allow hackers to pull off "man-in-the-middle" attacks, which lets them read data flowing between the web server and web browser that is supposed to be encrypted.

Whilst the flaw might prove irksome for McAfee, whose former company used to carry his name before it was bought by Intel and later rebranded Intel Security, it only affects SSL 3, a security protocol that according to Qualys "is not widely used".

Qualys’ domain check also revealed BlackCert’s web server makes use of the RC4 cipher, which the firm described as "weak", and the site does not support Forward Secrecy, which ensures that once an encrypted communication is complete the only way to read it is to crack the keys.

Earlier this week BlackCert sought to publicise its new service, a key feature of which is $1m (£640,000) liability protection issued with every SSL certificate, with each certificate coming with unlimited server licensing.

Speaking to SiliconAngle, security analyst and BlackCert associate John Casaretto said of the firm: "We have a lot of work ahead of us, and McAfee’s mission of privacy, security and freedom are central to what we are doing.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"Ideas are the easy part, the trick is in taking these ideas and making them into a material success; that’s what we’re doing with BlackCert."

American media reported last week that McAfee had been arrested in his home state of Tennessee for driving whilst drunk, with the tech pioneer also charged for possessing a handgun while drunk.

After his release he told the US broadcaster CNBC: "I was impaired, I must admit."

McAfee has a long-held reputation for eccentricity, having trashed his former company in a YouTube video which saw him surrounded by scantily-clad women.

He was also questioned in 2012 by Belize police over the alleged murder of a neighbour whilst he was living in the Central American country, an incident in which McAfee maintains he was uninvolved.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.