, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Expand all |
Post comment
MD5 Hack Interesting, But Not Threatening
2009-01-06
Charlie Miller (1 replies)
Charlie Miller (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-06
Robert Lemos (5 replies)
Robert Lemos (5 replies)
Verisign were notified about this work prior to the presentation
2009-01-06
Alexander Sotirov (1 replies)
Alexander Sotirov (1 replies)
I had a really bad taste in my mouth from that article. I believed going in that Mr. Callan was reporting without bias, while his article clearly is written from Versign's position. It is not inherently bad to have an article written from Verisign's perspective, but it should be clearly noted at the beginning so that the reader doesn't begin to distrust the writer.
Once I realized at the end of the piece that it was written by Verisign, I blew off the piece almost entirely. Had I know it upfront, I still wouldn't give it the same weight as a well thought out counterpoint to a dedicated researcher's work, but I wouldn't have dismissed it so easily.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/488/35306#35306