Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
MD5 Hack Interesting, But Not Threatening
Tim Callan, 2009-01-05

A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Verisign were notified about this work prior to the presentation 2009-01-06
Alexander Sotirov
I am one of the researchers who presented this work at the CCC congress in Berlin.

We did in fact notify Verisign and all other affected certificate authorities through Microsoft, who agreed to serve as an intermediary. The CAs were notified a week before the presentation. Verisign was made aware...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus