Posted on 01/03/2009 9:26:06 AM PST by snowsislander
BERLIN--A key piece of Internet technology that banks, e-commerce sites, and financial institutions rely on to keep transactions safe suffers from a serious security vulnerability, an international team of researchers announced on Tuesday.
They demonstrated how to forge security certificates used by secure Web sites, a process that would allow a sufficiently sophisticated criminal to fool the built-in verification methods used by all modern Web browsers--without the user being alerted that anything was amiss.
The problem is unlikely to affect most Internet users in the near future because taking advantage of the vulnerability requires discovering some techniques that are not expected to be made public as well as overcoming engineering hurdles: performing the initial digital forgery consumed approximately two weeks of computing time on a cluster of 200 PlayStation 3 consoles. In addition, a criminal needs to find a way to reroute traffic from a legitimate Web site to his own, perhaps through techniques that have become well-known in the last few years.
Yet if one group can do it today, others eventually will. "We have a proof-of-concept that allows us to impersonate any supposedly secure Web site on the Internet," said David Molnar, a doctoral student in computer science at the University of California at Berkeley.
(Excerpt) Read more at news.cnet.com ...
Microsoft: MD5 hack poses no major threats to users
Creating a rogue CA certificate (original source; good technical explanations and it has collected official responses from Microsoft, Mozilla, Verisign, and others.)
In one article these guys are an “international team or researchers” and in another they are “hackers”. What gives?
or = are, sorry
Isn’t it nice of the press to offer them the Betty Crocker Crook Book?
The bad guys and the good guys have known this was possible for months/years.
Alarmism and the ‘net go hand in hand but SSL underpins all current e-commerce sites.
Think of it as having a passkey to every room in every hotel and you can grasp the potential impact.
It’s kinda like legalizing drugs, expanding the pool and rate of decay doesn’t help anybody.
They are researchers.
The fact is that expanding the pool of pollutants in society doesn't help.