From: Charles Miller (cmiller securityevaluators.com)
Date: Tue Dec 30 2008 - 12:51:01 CST
That's great, but it doesn't answer the question we really care
about... who won the T-shirt?
On Dec 30, 2008, at 10:52 AM, Alexander Sotirov wrote:
> Our research team, consisting of 7 researchers from the United States,
> Switzerland and the Netherlands, was able to execute a practical MD5 collision
> attack and create a rogue Certification Authority trusted by all common web
> browsers. This allows us to perform transparent man-in-the-middle attacks
> against SSL connections and monitor or tamper with the traffic to secure
> websites or email servers.
>
> The infrastructure of Certification Authorities is meant to prevent exactly
> this type of attack. Our work shows that known weaknesses in the MD5 hash
> function can be exploited in a realistic attack, due to the fact that even after
> years of warnings about the lack of security of MD5, some root CAs are still
> using this broken hash function.
>
> More details:
> http://www.phreedom.org/research/rogue-ca/
>
> Enjoy!
>
> Alex
> _______________________________________________
> Dailydave mailing list
> Dailydave lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave