The padlock doesn't mean secure anymore

Jan 05, 2009 15:17

The next time you do some online banking or purchase something with a credit card online, be very careful.

http://www.heise-online.co.uk/news/25C3-MD5-collisions-crack-CA-certificate--/112327

Some researchers have figured out how to create rogue web site certificates which your browser will find to be perfectly legitimate. Basically, they ( Read more... )


Comments 2

Intermediate Signer ext_141519 January 6 2009, 20:14:21 UTC
If I read this correctly, this means that you have to trust your root signer to not sign a "special" intermediate authority. Did you read that the same way? Seems big corps are far less vulnerable since they (presumably) verify their intermediates with more accountability?

The Cheese Man


Re: Intermediate Signer nbda1997 January 6 2009, 21:56:40 UTC
That sounds about right, although the likelihood of the attackers being able to successfully predict the sequence number is very low. Not out of the realm of possibility, though...
