BlackCert prepares to sell certificates, but website appears vulnerable to SSL bug.
The website of John McAfee’s certificate authority start-up appears to be hamstrung by an embarrassing instance of the Poodle bug, affecting the very technology the firm intends to flog.
BlackCert, which will sell SSL certificates used to authenticate two communicating parties online, came out of stealth earlier this week, but according to Qualys SSL Labs’ domain check the web server is vulnerable to Poodle.
Discovered by Google researchers last October, the 15-year-old flaw allows hackers to pull off "man-in-the-middle" attacks, which let them read data flowing between the web server and web browser that is supposed to be encrypted.
Whilst the flaw might prove irksome for McAfee, whose former company used to carry his name before it was bought by Intel and later rebranded Intel Security, it only affects SSL 3, a security protocol that according to Qualys "is not widely used".
Qualys’ domain check also revealed BlackCert’s web server makes use of the RC4 cipher, which the firm described as "weak", and the site does not support Forward Secrecy, which ensures that once an encrypted communication is complete the only way to read it is to crack the keys.
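For administrators who want to check their own servers for the three findings reported above (Poodle exposure through SSL 3, RC4, no Forward Secrecy), here is an added example; it is not code from Qualys or BlackCert. The function names and the sample scan data are constructed for illustration, and it assumes the same cipher suite list applies to every enabled protocol.

```python
# Flags the three findings named in the article from a server's accepted
# protocols and IANA cipher suite names. Sample data below is constructed.

FS_KEY_EXCHANGES = {"DHE", "ECDHE"}  # ephemeral Diffie-Hellman key exchanges


def split_suite(name):
    """Split an IANA suite name into (key_exchange, cipher)."""
    body = name[4:] if name.startswith(("TLS_", "SSL_")) else name
    if "_WITH_" not in body:
        # TLS 1.3 style name (e.g. TLS_AES_128_GCM_SHA256): the key
        # exchange is always ephemeral, so report it as ECDHE here.
        return "ECDHE", body
    kx, cipher = body.split("_WITH_", 1)
    # "ECDHE_RSA" -> "ECDHE"; static "RSA", "DH" and "ECDH" are not ephemeral.
    return kx.split("_")[0], cipher


def audit_tls(protocols, suites):
    """Return the list of findings for one server configuration."""
    parsed = [split_suite(s) for s in suites]
    findings = []
    # Poodle needs SSL 3 together with a CBC-mode suite.
    if "SSLv3" in protocols and any("_CBC_" in c for _, c in parsed):
        findings.append("POODLE: SSL 3 enabled with CBC-mode suites")
    if any(c.startswith("RC4_") for _, c in parsed):
        findings.append("RC4: weak stream cipher accepted")
    if not any(kx in FS_KEY_EXCHANGES for kx, _ in parsed):
        findings.append("No forward secrecy: no DHE/ECDHE suite offered")
    return findings


# Constructed configurations: a weak one, one that drops CBC but keeps
# SSL 3 with RC4 only, and a hardened one.
WEAK = (["SSLv3", "TLSv1.0", "TLSv1.2"],
        ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
         "TLS_RSA_WITH_3DES_EDE_CBC_SHA"])
RC4_ONLY = (["SSLv3"], ["TLS_RSA_WITH_RC4_128_SHA"])
HARDENED = (["TLSv1.2"],
            ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"])

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("rc4-only", RC4_ONLY), ("hardened", HARDENED)):
        print(label, audit_tls(*cfg) or "no findings")
```

The RC4-only case shows why disabling SSL 3 is the cleaner fix: removing CBC suites clears the Poodle finding but leaves the RC4 and Forward Secrecy findings in place.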
Earlier this week BlackCert sought to publicise its new service, a key feature of which is $1m (£640,000) liability protection issued with every SSL certificate, with each certificate coming with unlimited server licensing.
Speaking to SiliconAngle, security analyst and BlackCert associate John Casaretto said of the firm: "We have a lot of work ahead of us, and McAfee’s mission of privacy, security and freedom are central to what we are doing.
"Ideas are the easy part, the trick is in taking these ideas and making them into a material success; that’s what we’re doing with BlackCert."
American media reported last week that McAfee had been arrested in his home state of Tennessee for driving whilst drunk, with the tech pioneer also charged for possessing a handgun while drunk.
After his release he told the US broadcaster CNBC: "I was impaired, I must admit."
McAfee has a long-held reputation for eccentricity, having trashed his former company in a YouTube video which saw him surrounded by scantily-clad women.
He was also questioned in 2012 by Belize police over the alleged murder of a neighbour whilst he was living in the Central American country, an incident in which McAfee maintains he was uninvolved.