skip to main | skip to sidebar

Computer Forensics and Incident Response

Tuesday, December 30, 2008

Tubes Clogged, Internets are Broken II

and just to claify, this means that Certificate Authorities using MD5 are broken. Browsers implicitly trust certificates, and to quote:

This ... shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.

My guess is that this attack will be implemented in the wild in the very near future. . .
Posted by Bill at 2:55 PM

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

Blog Archive

  • ►  2009 (3)
    • ►  February (2)
    • ►  January (1)
  • ▼  2008 (13)
    • ▼  December (2)
      • Tubes Clogged, Internets are Broken II
      • Tubes Clogged, Internets are Broken
    • ►  September (2)
    • ►  August (1)
    • ►  June (1)
    • ►  May (1)
    • ►  April (2)
    • ►  March (2)
    • ►  February (2)
  • ►  2007 (23)
    • ►  December (1)
    • ►  November (1)
    • ►  October (4)
    • ►  September (1)
    • ►  August (1)
    • ►  July (3)
    • ►  June (7)
    • ►  May (5)

About Me

Bill
I have a computer, I have a gun, I have a MS in Network Security, I use all of the above at work (though, not necessarily in that order).
View my complete profile

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments