Slashdot Mirror


CCC Create a Rogue CA Certificate

t3rmin4t0r writes "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."

6 of 300 comments (clear)

  1. Alright this Internet is ruined by Anonymous Coward · · Score: 5, Funny

    Let's go make a new one.

  2. Rouge CA? by realmolo · · Score: 5, Funny

    I prefer teal CAs, myself. Or possibly burnt sienna CAs. Sometimes fuschia CAs.

    It's ROGUE you dumbass.

    1. Re:Rouge CA? by nsushkin · · Score: 5, Funny

      I prefer teal CAs, myself. Or possibly burnt sienna CAs. Sometimes fuschia CAs.

      It's ROGUE you dumbass.

      Surely you meant FUCHSIA

  3. Re:from the ... dept? by DoofusOfDeath · · Score: 4, Funny

    Oh noes! What department of Slashdot did this article come from? ...

    Hold on - I'll check the signature.

  4. Re:from the ... dept? by MBCook · · Score: 4, Funny
    Let's put up a poll to see what we can all do!
    • I'll put Taco up at my place
    • I'll donate some food
    • I'll donate some fuel
    • I'll donate some CPU time
    • Taco is a big boy, he can help himself
    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  5. Missing option by pjt33 · · Score: 4, Funny

    I'll set fire to CowboyNeal. That kills two birds with one stone: fuel and food.