
Twenty-Four Seven Security


This Page May Not Be What You Think It Is

A trans-Atlantic team of security researchers recently announced that they had hacked a heavily used component of browser security. The team was able to break into the Public Key Infrastructure (PKI), which is used to issue digital certificates for secure websites. The breach was accomplished by exploiting a weakness in the MD5 cryptographic hash function -- a weakness that allows the construction of different messages with the same MD5 hash.

The technique could be used to mass-produce forged certificates and undermine the "web of trust" that allows authenticated websites to receive sensitive information from users, letting hackers set up realistic mirror websites and large-scale phishing operations. The mock attack exploited a known MD5 weakness -- one that had been frequently pointed out in the past. While most authentication has moved away from the aging system, MD5 remains in use by roughly a quarter of certificates. With more and more businesses relying on web apps for traditional computing tasks, it is more important than ever to know how your company's information is being encrypted.

But sorry for the misleading title, as this page is exactly what you think it is. Peter Schooff's blog on ebizQ. You are right here. At least I think you are :)


Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

Peter Schooff

Peter Schooff is Contributing Editor at ebizQ, and manager of the ebizQ Forum. Contact him at pschooff@techtarget.com
