Implementation could be new, but this vulnerabillity is knew since 2004, the year that md5 was broken.
http://www.cryptography.com/cnews/hash.html ./nelson -murilo On Tue, Dec 30, 2008 at 08:10:16PM +0000, n3td3v wrote: > Aiding script kids to get credit card numbers out of folks e-commerce > purchases. I'm sure the U.S secret service have a special interest in > this vulnerability, as so much of their time nowadays is taken up > following up on internet carders and shutting them down. > > On Tue, Dec 30, 2008 at 5:03 PM, Elazar Broad <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > SSL/PKI is only as strong as the weakest CA... > > > > For those of you who haven't been following this, here you go: > > > > http://www.win.tue.nl/hashclash/rogue-ca/ > > http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
