Rogue CA – MD5 collisions for phun and profit

Now this is, umm, interesting..

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Trust no one..

(Via)

Bear
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Australia.