Slashdot Mirror

← Back to Stories (view on slashdot.org)

CCC Create a Rogue CA Certificate

Posted by CmdrTaco on from the they-even-faked-this-dept dept.

t3rmin4t0r writes "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."

1 of 300 comments (clear)

  1. Re:You know what I hate? by Ractive · · Score: 0, Offtopic

    Dude this has got to be the most offtopic comment ever