SSL broken! Hackers create rogue CA certificate using MD5 collisions

[NucleusKore]

Source: *blogs.zdnet.com/security/?p=2339

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers.

The research, which will be presented today by Alex Sotirov (top left) and Jacob Appelbaum (bottom left) at the 25C3 conference in Germany, effectively defeats the way modern Web browsers trust secure Web sites and provides a way for attackers to conduct phishing attacks that are virtually undetectable.

Read On..........

 

[RCuber]

Cr@p

 

[gary4gar]

Seems Hackers always one step ahead

 

[RCuber]

^^ if we look at history , SSL was just surfacing in 1993 , and by 1996 it started to show some strength.. so it took hackers about 12-13 years to crack it . Are they One step ahead?

 

[gary4gar]

^^ if we look at history , SSL was just surfacing in 1993 , and by 1996 it started to show some strength.. so it took hackers about 12-13 years to crack it . Are they One step ahead?

I am talking in General.

see tell me, one example of any un-hackable system?
if you tell, then i would be your follower, uncle ji

 

[RCuber]

I am talking in General.

see tell me, one example of any un-hackable system?

yea , in general all systems will have flaw or will be reverse engineered, its only a matter of time.

uncle ji

Grrrrrr...

 

[Sukhdeep Singh]

^^ if we look at history , SSL was just surfacing in 1993 , and by 1996 it started to show some strength.. so it took hackers about 12-13 years to crack it . Are they One step ahead?

Blame it on Sony for coming so late with PS3 Processor Power

 

[naveen_reloaded]

200 ps3 ??? wow !!! thats real power....

 

[thewisecrab]

Great. Now all the hacker needs is 200 PS3s to hack a bank.
Considering the price of a PS3, he'll be better off looting the bank at gun point than to go through that effort.

 

[ThinkFree]

Seems Hackers always one step ahead

+1

Blu Ray copy protection cracked months ahead of schedule.

 

[comp@ddict]

Hackers r always 1 step ahead - just like torrent guys, u get movies and games the day b'fore or the day of release.

 

[RCuber]

Great. Now all the hacker needs is 200 PS3s to hack a bank.
Considering the price of a PS3, he'll be better off looting the bank at gun point than to go through that effort.

ROFL ... man this made my day ..

 

[Vishal Patil]

there's nothing that cannot be cracked... updating technology is the only was to ensure that yiou stay safe from attacks. As computing power increases so does the need for make security changes..

 

[MitchNelson]

Verising has resolve the issue much faster then expected. It was MD5 Signature which was cracked. Now, they are offering SHA-1 sing certificate.

Also, you cannot say its cracked because they have not broke the certificate in between and try for Man in Middle attack. Its only that they have created fake certificate which looks like RapidSSL certificate.