Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
MD5 Hack Interesting, But Not Threatening
Tim Callan, 2009-01-05

A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.

Comments Mode:
MD5 Hack Interesting, But Not Threatening 2009-01-05
Anonymous (1 replies)
Re: MD5 Hack Interesting, But Not Threatening 2009-01-22
Anonymous
MD5 Hack Interesting, But Not Threatening 2009-01-06
Charlie Miller (1 replies)
Re: MD5 Hack Interesting, But Not Threatening 2009-01-06
Robert Lemos (5 replies)
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-06
Anonymous (1 replies)
Re: Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-12
Anonymous
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-06
Anonymous
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-08
Anonymous
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-22
Anonymous
When is it "threatening"? When they post your bank statements as part of the presentation? 2009-01-23
Anonymous
MD5 Hack Interesting, But Not Threatening 2009-01-06
Margot (1 replies)
Re: MD5 Hack Interesting, But Not Threatening 2009-01-07
Anonymous
Verisign were notified about this work prior to the presentation 2009-01-06
Alexander Sotirov (1 replies)
Re: Verisign were notified about this work prior to the presentation 2009-01-07
Ichinin (4 replies)
Re: Re: Verisign were notified about this work prior to the presentation 2009-01-07
Anonymous
Re: Re: Verisign were notified about this work prior to the presentation 2009-01-07
Anonymous
Re: Re: Verisign were notified about this work prior to the presentation 2009-01-08
Anonymous
Re: Re: Verisign were notified about this work prior to the presentation 2009-01-08
Anonymous
MD5 Hack Interesting, But Not Threatening 2009-01-08
Charles Hunter (1 replies)
Re: MD5 Hack Interesting, But Not Threatening 2009-01-09
Robert Lemos (2 replies)
Re: MD5 Hack Interesting, But Not Threatening 2009-01-09
Anonymous (1 replies)
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-14
Anonymous
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-16
Charles Hunter
Hilarious Corporate Spin! How about some real answers? 2009-01-10
Anonymous
MD5 Hack Interesting, But Not Threatening 2009-01-12
xort
MD5 Hack Interesting, But Not Threatening 2009-01-12
Chris Fahey
Serious suggestions welcome... 2009-01-15
Robert Lemos
MD5 Hack Interesting, But Not Threatening 2009-02-02
Jamie
Meanwhile Chris Wysopal takes a completely different view, merely two articles above this one. I know who I'm inclined to trust here - especially since I don't believe a word Verisign says since the whole sitefinder debacle.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/488/35352#35352




 

Privacy Statement
Copyright 2009, SecurityFocus