Group attacks flaw in browser crypto security

Group attacks flaw in browser crypto security
Robert Lemos, SecurityFocus 2008-12-30

An international group of security researchers and academic cryptographers urged browser makers and certificate authorities on Tuesday to drop support for digital signatures based on MD5 hashing, after they claimed to have successfully attacked the trust infrastructure of the Internet by creating a fake, but valid, certificate.

Group attacks flaw in browser crypto security 2009-01-01
Extremesecurity.blogspot.com

Imagine malware authors and phishers start combining rogue ca certificates and infect users's systems and redirect them to a "fake bank website with valid certificate" ... boom !

read more ...

http://extremesecurity.blogspot.com/2008/12/kaminskys-dns-bug-rogue-ca-certificates.html...

[ more ]