, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Anonymous
The problem is that the only appropriate title for the article would be something like "Verisign's response to SSL Cert issue", NOT "Interesting, but not threatening."
The title of the author is also relevant - this guy's JOB is damage control.
An official response is one thing. S...
[ more ]