An international group of independent security researchers announced Tuesday that they have found a significant weakness in the Internet digital certificate infrastructure used by many Internet businesses. The flaw could conceivably allow cybercriminals to create fake certificates that would then be accepted and trusted by many widely used Internet browsers. The purported weakness could enable a hacker to impersonate secure Web sites and e-mail servers to launch virtually undetectable phishing attacks, according to the researchers from California, the Netherlands and Switzerland.
I maybe wrong here, but isnt MD5 like way out-dated now...? with encryption mechanisms like AES/RSA/SHA1 etc, weren't these problems eliminated..?
Loading ...
Security Wonks Find Gaping Hole in Trusted Site System
Posted by: Walaika Haskins December 30, 2008 03:36 PMAn international group of independent security researchers announced Tuesday that they have found a significant weakness in the Internet digital certificate infrastructure used by many Internet businesses. The flaw could conceivably allow cybercriminals to create fake certificates that would then be accepted and trusted by many widely used Internet browsers. The purported weakness could enable a hacker to impersonate secure Web sites and e-mail servers to launch virtually undetectable phishing attacks, according to the researchers from California, the Netherlands and Switzerland.