| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081230202646.GD27150@pangeia.com.br> Date: Tue, 30 Dec 2008 18:26:46 -0200 From: nelson@...geia.com.br (Nelson Murilo) To: full-disclosure@...ts.grok.org.uk Subject: Re: Creating a rogue CA certificate Implementation could be new, but this vulnerabillity is knew since 2004, the year that md5 was broken. http://www.cryptography.com/cnews/hash.html ./nelson -murilo On Tue, Dec 30, 2008 at 08:10:16PM +0000, n3td3v wrote: > Aiding script kids to get credit card numbers out of folks e-commerce > purchases. I'm sure the U.S secret service have a special interest in > this vulnerability, as so much of their time nowadays is taken up > following up on internet carders and shutting them down. > > On Tue, Dec 30, 2008 at 5:03 PM, Elazar Broad <elazar@...hmail.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > SSL/PKI is only as strong as the weakest CA... > > > > For those of you who haven't been following this, here you go: > > > > http://www.win.tue.nl/hashclash/rogue-ca/ > > http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists