[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Creating a rogue CA certificate

To: full-disclosure@xxxxxxxxxxxxxxxxx, nelson@xxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Creating a rogue CA certificate
From: "Elazar Broad" <elazar@xxxxxxxxxxxx>
Date: Tue, 30 Dec 2008 16:13:07 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And they should have listened then, it was only a matter of time
before someone fleshed out a practical attack, and that time is
now. Then again, I am sure there some ATM's out there still using
DES. How many time's do we need to prove Moore's law...

On Tue, 30 Dec 2008 15:26:46 -0500 Nelson Murilo
<nelson@xxxxxxxxxxxxxx> wrote:
>Implementation could be new, but this vulnerabillity is knew since
>2004,
>the year that md5 was broken.
>
>http://www.cryptography.com/cnews/hash.html
>
>./nelson -murilo
>
>
>On Tue, Dec 30, 2008 at 08:10:16PM +0000, n3td3v wrote:
>> Aiding script kids to get credit card numbers out of folks e-
>commerce
>> purchases. I'm sure the U.S secret service have a special
>interest in
>> this vulnerability, as so much of their time nowadays is taken
>up
>> following up on internet carders and shutting them down.
>>
>> On Tue, Dec 30, 2008 at 5:03 PM, Elazar Broad
><elazar@xxxxxxxxxxxx> wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > SSL/PKI is only as strong as the weakest CA...
>> >
>> > For those of you who haven't been following this, here you go:
>> >
>> > http://www.win.tue.nl/hashclash/rogue-ca/
>> > http://www.phreedom.org/research/rogue-ca/md5-collisions-
>1.0.ppt
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAklajuMACgkQi04xwClgpZjS4QP7Beyc04b+CoGgpDWS7ojdnPMdI8Ty
XhEWqZxa5mVyy+uAFIXxc5I/J1BtsZKJPhV+mlIW9zWgUJASvn0LrLKGzzt+Bhlb3rYW
pGiL8UlmBOCf99qYBRF69vevSdA3gdu/JebXIWu33nPB7qZho6SSHYCwF7u5TJILgtI3
aiL33GQ=
=C7PQ
-----END PGP SIGNATURE-----

--
Click to become a master chef, own a restaurant and make millions.
 
http://tagline.hushmail.com/fc/PnY6qxtWo9fln3EqgOtev3Xt2UqYrdnKRqkHGIlsPHfICpCCcCO6k/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Creating a rogue CA certificate
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Creating a rogue CA certificate
Next by Date: Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now
Previous by thread: Re: [Full-disclosure] Creating a rogue CA certificate
Next by thread: Re: [Full-disclosure] Creating a rogue CA certificate
Index(es):
- Date
- Thread