200 PS3s Break VeriSign SSL
Now more than ever, shopping on the Internet is second nature for many people the first country. From the Amazon to buy.com on eBay, millions of dollars are transferred electronically every day between buyer and seller.
With such massive quantities of consumer activity online, such as technology VeriSign SSL (Secure Socket Layer), help keep buyers honest immune to the dangers of phishing attacks and fraud. With the software SSL, and a little experience on the Internet, we can keep themselves and their bank accounts, safe against fraudulent Web sites.
That was until today. Although I’m not going to sound the alarm just Doomsday, however, an international team of experts in Internet security managed to hack SSL.
The feat was the failure of one of the MD5 algorithm used in the issuance of safety certificates for Web sites. The certificates are used to confirm that the site is legitimate and not an attempt to mislead visitors. Once the computer was broken, but the algorithm, which were able to enter the site RapidSSL.com. After that the team was capable of producing fake certificates that they have the same MD5 hash values as legitimate certificates.
According to the report, “the team that made the research has included independent researchers and Jacob Appelbaum Alexander Sotirov, and the team of scientists from the Centrum Wiskunde Informatica, and the Ecole Polytechnique Federale de Lausanne, Eindhoven University of Technology University of California, Berkeley. “From the original story, the team was configured to display their achievements in the Chaos Communication Congress in Berlin.
Even if the results are certainly an achievement, and one in which a terrifying, the team, as well as companies like Microsoft have minimized the vulnerability. “This new revelation does not significantly increase the risk for customers, as researchers have not published the cryptographic core of the attack and the attack is not reproducible without this information,” said Microsoft . Then, if the information is the responsibility of the wrong hands, we are all safe.
Despite subtract the gravity of the string, a member of the team made a point of telling the security of the Internet must change. “It’s an awakening for all those who are still using MD5,” said David Molnar, a team member and graduate student at Berkeley. Tim Callan of VeriSign Vice President of Product Marketing, said RapidSSL.com stop issuing digital certificates based on MD5 at the end of January and is atempting their customers in new security products.
