Browser Security Fail, MD5 broken, CA gone rogue


A group of security researchers (Alex Sotirov, Jacob Appelbaum, Marc Stevens, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger) has identified a vulnerability in the public key infrastructure used to issue digital certificates for secure websites. As a proof of concept, they have shown they can carry out an attack that creates a rogue Certificate Authority (CA) trusted by all common browsers. This allows one to impersonate any website on the Internet, including banking and other transaction-based sites secured with the HTTPS protocol (SSL) (here), with details (here).

The Internet is Doomed, Again, For the First Time Since the Last Time…


As we end the year, we have the last of the IEEs (Internet Ending Events) of 2008, as Alex Sotirov (here) and Jacob Appelbaum (here) provide details as part of their presentation “Making the Theoretical Possible” at the 25c3 – 25th Chaos Communication Congress (here). For those not able to attend the conference in Berlin, there will be streaming video (here). Of course, if the Internet is dead, you will need to contact the 25c3 conference organizers and request that a VHS be sent via snail mail.

More thoughts from others around the blogosphere (here), (here), (here), and (here). I am sure there will be plenty of updates and analysis once the details are disclosed. Until then, happy surfing, and don’t forget that in cyberspace everyone can read your screams….