Web Skeleton Key
thanks to a sophisticated attack on the ailing MD5 hash algorithm, a slip-up by Verisign, and about 200 PlayStation 3s.
"We can impersonate Amazon.com and you won't notice," says David Molnar, a computer science PhD candidate at UC Berkeley. "The padlock will be there and everything will look like it's a perfectly ordinary certificate."
The security researchers from the U.S., Switzerland and the Netherlands planned to detail their technique Tuesday, at the 25th Chaos Communication Congress in Berlin. ...
Click title above.
Labels: Web Skeleton Key