, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Expand all |
Post comment
MD5 Hack Interesting, But Not Threatening
2009-01-06
Charlie Miller (1 replies)
Charlie Miller (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-06
Robert Lemos (5 replies)
Robert Lemos (5 replies)
Verisign were notified about this work prior to the presentation
2009-01-06
Alexander Sotirov (1 replies)
Alexander Sotirov (1 replies)
Can you let us know how you found the VeriSign column? We try to make sure that any distribution channel marks these pieces as a column or opinion piece to stress that they are opinions.
If you came via the SecurityFocus front page, the "article" as you call it, is clearly labeled a column. If you found it via the Columnists aggregation page, then it is even more explicit: "Tim Callan, vice president of product marketing for the company, explains ..."
Is there a distribution channel through which we are not making it clear that these are columns and not news articles?
Thanks.
-R
Managing editor, SecurityFocus
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/488/35307#35307