Drew Wilson
December 30th, 2008, 08:07 PM
A powerful digital certificate that can be used to forge the identity of any website on the internet is in the hands of in international band of security researchers, thanks to a sophisticated attack on the ailing MD5 hash algorithm, a slip-up by Verisign, and about 200 PlayStation 3s.
"We can impersonate Amazon.com and you won't notice," says David Molnar, a computer science PhD candidate at UC Berkeley. "The padlock will be there and everything will look like it's a perfectly ordinary certificate."
The security researchers from the U.S., Switzerland and the Netherlands planned to detail their technique Tuesday, at the 25th Chaos Communication Congress in Berlin.
At issue is the crypto technology used to ensure visitors to Amazon.com, for example, are actually connected to the online retailer and not to a fake site erected by a fraudster. That assurance comes from a digital certificate that's vouched for and digitally signed by a trusted authority like Verisign. The certificate is transmitted to a user's browser and automatically verified during SSL connections -- the high-security web links heralded by a locked-padlock icon in the browser.
More... (http://blog.wired.com/27bstroke6/2008/12/berlin.html)
This is what happens when a consol loses the consol wars... they start hacking the internet.
"We can impersonate Amazon.com and you won't notice," says David Molnar, a computer science PhD candidate at UC Berkeley. "The padlock will be there and everything will look like it's a perfectly ordinary certificate."
The security researchers from the U.S., Switzerland and the Netherlands planned to detail their technique Tuesday, at the 25th Chaos Communication Congress in Berlin.
At issue is the crypto technology used to ensure visitors to Amazon.com, for example, are actually connected to the online retailer and not to a fake site erected by a fraudster. That assurance comes from a digital certificate that's vouched for and digitally signed by a trusted authority like Verisign. The certificate is transmitted to a user's browser and automatically verified during SSL connections -- the high-security web links heralded by a locked-padlock icon in the browser.
More... (http://blog.wired.com/27bstroke6/2008/12/berlin.html)
This is what happens when a consol loses the consol wars... they start hacking the internet.