, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Expand all |
Post comment
MD5 Hack Interesting, But Not Threatening
2009-01-06
Charlie Miller (1 replies)
Charlie Miller (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-06
Robert Lemos (5 replies)
Robert Lemos (5 replies)
Verisign were notified about this work prior to the presentation
2009-01-06
Alexander Sotirov (1 replies)
Alexander Sotirov (1 replies)
MD5 Hack Interesting, But Not Threatening
2009-01-08
Charles Hunter (1 replies)
Charles Hunter (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-09
Robert Lemos (2 replies)
Robert Lemos (2 replies)
Did you go to the URL that Alexander posted? You can read the correspondence complete with timestamps. There was significant correspondence the SAME day between all parties involved.
"So, yes - they could have recieved the information and also no - they had "not recieved it" yet."
It's true that maybe the Marketing guy wasn't aware of the correspondence and actions going on with the technical personnel involved... BUT on the other hand he shouldn't be making authoritative statements on matters he didn't have full knowledge of. Of course this is probably why he is in Marketing and not testing algorithms. *snicker*
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/488/35301#35301