Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
MD5 Hack Interesting, But Not Threatening
Tim Callan, 2009-01-05

A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Re: Re: MD5 Hack Interesting, But Not Threatening 2009-01-06
Anonymous
all certs moving forward are OK but what about older certs? the vuln still exists, although from reading this article, that point is downplayed severely. With the ease of ARP spoofing many places and the sluggishness at which many organizations will phase out the old MD5 based certs, there will be a...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus