, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Expand all |
Post comment
Verisign were notified about this work prior to the presentation
2009-01-06
Alexander Sotirov (1 replies)
Alexander Sotirov (1 replies)
MD5 Hack Interesting, But Not Threatening
2009-01-08
Charles Hunter (1 replies)
Charles Hunter (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-09
Robert Lemos (2 replies)
Robert Lemos (2 replies)
SecurityFocus has started running guest columns about once a month. Because of the SSL issue, VeriSign was given a invitation to respond in a column.
I can understand your initial reaction. However, rather than focus on the title of the author, I would focus on the content. Is this relevant to security researchers? Yes. Does this contain information that could be valuable to researchers? Yes.
If Microsoft volunteered a column to explain their handling of a security issue with Vista or Internet Explorer, SecurityFocus would accept it, because Microsoft's view would be information that is valuable to our readers.
As far as titles are concerned, with knowledgeable security experts wearing the mantle of Principal Consultant, Human Shield, Program Manager, and CTO, I think you have to look beyond the title to whether they are knowledgeable about the area of security upon which they are commenting.
Thanks,
Robert Lemos
Managaing Editor, SecurityFocus
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/488/35293#35293