With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack.
To do this, they've exploited a bug in the digital certificates used by Web sites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack Verisign's RapidSSL.com certificate authority and create fake digital certificates for any Web site on the Internet.
Read full story: Network World
Updates: UPDATED Jan 05, 2009 12:57 PM PDT
MD5 considered harmful today Official Report
One Weak Link to Rule Them All Brian Krebs, Security Fix
The (Not Quite) End Of Security On The Internet George Hulme, InformationWeek
SSL broken! Hackers create rogue CA certificate using MD5 collisions ZDNet
So you can fake your SSL Certificate. That don’t impress me much Aviram Jenik, SecuriTeam
Verisign Discontinues Flawed MD5 Certificates ChannelWeb
The Problem With HTTPS SSL Runs Deeper Than MD5 George Ou, CircleID
MD5 Hack Interesting, But Not Threatening Tim Callan, SecurityFocus
The new MD5/SSL exploit is NOT the end of civilization as we know it Tom Olzak, TechRepublic
Related topics: Cyberattack, Cybercrime, Security
To post comments, please login or create an account.