MD5 considered harmful today: Creating a rogue CA certificate « Trey Ford

MD5 considered harmful today: Creating a rogue CA certificate

By treyford

At the Chaos Communication Congress in Berlin, right around NOW, a presentation is being delivered,“MD5 considered harmful today: Creating a rogue CA certificate“

More details, slides, and other goodness here at phreedom.org

a Live video stream will be available, check in at http://events.ccc.de/congress/2008/wiki/Streaming

The talk will be delivered by Alexander Sotirov, Marc Stevens and Jacob Appelbaum.

Update: Rich Mogull has a very solid overview and briefing here. (and for the record, any references to Chuck Norris are aces in my book). His article – What Regular Users Need To Know about the SSL/Root Certificate Authority Exploit

This entry was posted on December 30, 2008 at 8:36 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “MD5 considered harmful today: Creating a rogue CA certificate”

Aa'ed Alqarta Says:
January 1, 2009 at 2:38 am | Reply
Imagine malware authors and phishers start combining rogue ca certificates and infect users’s systems and redirect them to a “fake bank website with valid certificate” … boom !

read more …

http://extremesecurity.blogspot.com/2008/12/kaminskys-dns-bug-rogue-ca-certificates.html

Trey Ford – Security Spin Control

MD5 considered harmful today: Creating a rogue CA certificate

One Response to “MD5 considered harmful today: Creating a rogue CA certificate”

Leave a Reply