[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Subject: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: jabley at hopcount.ca (Joe Abley)
Date: Fri, 2 Jan 2009 11:00:34 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

On 2009-01-02, at 09:04, Rodrick Brown wrote:

> A team of security researchers and academics has broken a core piece
> of Internet technology. They made their work public at the 25th Chaos
> Communication Congress in Berlin today. The team was able to create a
> rogue certificate authority and use it to issue valid SSL certificates
> for any site they want. The user would have no indication that their
> HTTPS connection was being monitored/modified.

I read a comment somewhere else that while this is interesting, and  
good work, and well done, in practice it's much easier to social- 
engineer a certificate with a stolen credit card from a real CA than  
it is to create a fake CA.

(I'd give proper attribution if I could remember who it was, but it  
put things into perspective for me at the time so I thought I'd share.)

Joe

Follow-Ups:
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: martin at airwire.ie (Martin List-Petersen)
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: ge at linuxbox.org (Gadi Evron)

References:
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: rodrick.brown at gmail.com (Rodrick Brown)

Prev by Date: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Next by Date: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Previous by thread: Security team successfully cracks SSL using 200 PS3's and MD5
Next by thread: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Index(es):
- Date
- Thread