Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
MD5 Hack Interesting, But Not Threatening
Tim Callan, 2009-01-05

A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Re: Verisign were notified about this work prior to the presentation 2009-01-07
Ichinin
>The claim that Verisign was "not given any information on the research prior to its unveiling in Berlin" is simply not correct.


In large organisations it takes a while for information to be absorbed and distributed through the right channels. It is very unlikely that once Microsoft got the inf...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus