Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Creating a rogue CA certificate

From: nelson () pangeia com br (Nelson Murilo)
Date: Tue, 30 Dec 2008 18:26:46 -0200

Implementation could be new, but this vulnerabillity is knew since 2004, 
the year that md5 was broken. 

http://www.cryptography.com/cnews/hash.html

./nelson -murilo


On Tue, Dec 30, 2008 at 08:10:16PM +0000, n3td3v wrote:

Aiding script kids to get credit card numbers out of folks e-commerce
purchases. I'm sure the U.S secret service have a special interest in
this vulnerability, as so much of their time nowadays is taken up
following up on internet carders and shutting them down.

On Tue, Dec 30, 2008 at 5:03 PM, Elazar Broad <elazar () hushmail com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SSL/PKI is only as strong as the weakest CA...

For those of you who haven't been following this, here you go:

http://www.win.tue.nl/hashclash/rogue-ca/
http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: