Jan 7, 2009

Is SSL Cracked?

A presentation at a recent security conference in Berlin revealed research that appears to threaten the core of a major Internet security protocol, SSL. In fact, it doesn't really threaten anything for now, and we have the researchers to thank for that.

One small part of implementing SSL (Secure Sockets Layer) is the use of hash functions. Many certificate authorities still use an old and weak hash function called MD5, and a compromise of this function allowed the researchers to create their own SSL certificates that would be trusted by any browser out there.

The specific issue of MD5-based certificates will probably be cleaned up very soon, before any attackers could replicate the work and implement the ultimate phishing attack, where a fake site would look absolutely authentic. Other compromises of SSL will come in the future and perhaps from a similar approach.
