Well that's going to be fun on the .mil and .gov domains. 

> -----Original Message-----
> From: Vivec [mailto:[email protected]] 
> Sent: Wednesday, December 31, 2008 11:18 AM
> To: cf-community
> Subject: SSL has been hacked. False CA certificates possible.
> 
> Sooo...it seems that SSL has been hacked.
> 
> What this means is that hackers can create false CA 
> certificates that will appear to come from Microsoft, for 
> example, and thus be automatically accepted by browsers.
> The hack took about 200 PS3s hooked up in a cluster to create 
> a single false certificate.
> 
> http://blogs.zdnet.com/security/?p=2339
> 
> "Our main result is that we are in possession of a "rogue" 
> Certification Authority (CA) certificate. This certificate 
> will be accepted as valid and trusted by many browsers, as it 
> appears to be based on one of the "root CA certificates" 
> present in the so called "trust list" of the browser. In 
> turn, web site certificates issued by us and based on our 
> rogue CA certificate will be validated and trusted as well. 
> Browsers will display these web sites as "secure", using 
> common security indicators such as a closed padlock in the 
> browser's window frame, the web address starting with 
> "https://" instead of "http://", and displaying reassuring 
> phrases such as "This certificate is OK" when the user 
> clicks on security related menu items, buttons or links."
> 
> "For example, without being aware of it, users could be 
> redirected to malicious sites that appear exactly the same as 
> the trusted banking or e-commerce websites they believe to be 
> visiting. The web browser could then receive a forged 
> certificate that will be erroneously trusted, and users'
> passwords and other private data can fall in the wrong hands. 
> Besides secure websites and email servers, the weakness also 
> affects other commonly used software."
> 
> The solution, they say, is to have all CAs stop using the MD-5 algorithm.
> 
> 
> 

Archive: 
http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:283614