Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
MD5 Hack Interesting, But Not Threatening
Tim Callan, 2009-01-05

A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Re: Re: Verisign were notified about this work prior to the presentation 2009-01-08
Anonymous
This, and the merger as an excuse for not switching away from MD5, sounds like bad management is the real thread to security here. Corporations working in the security sector cannot afford for a critical bit of information to be floating around the office for weeks prior to getting to the right pers...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus