ISR News: Experts Hack VeriSign

December 31, 2008 by ADMIN

Share |

Excerpt from Computerworld.com’s Robert McMillan

With the help of about 200 Sony Playstations, an international team of security researchers has devised a way to undermine one of the algorithms used to protect secure Web sites - a capability that the researchers said could be used to launch nearly undetectable phishing attacks.

To accomplish that, the researchers said today that they had exploited a bug in the MD5 hashing algorithm used to create some of the digital certificates used by Web sites to prove they are what they claim to be. The researchers said that by taking advantage of known flaws in the algorithm, they were able to hack VeriSign Inc.’s RapidSSL.com certificate authority site and create fake digital certificates for any Web site on the Internet.

Using their farm of Playstation 3 machines, the researchers built a rogue certificate authority that could issue bogus certificates. The Playstation’s Cell processor is popular with code breakers because it is particularly good at performing cryptographic functions.

These icons link to social bookmarking sites where readers can share and discover new web pages.

Share |

Filed under: Breach, D&O Liability, Financial, ISR News, Sarbanes-Oxley, Uncategorized, hackers, identity-theft, malware, privacy

Tags: access, Bailout, Banks, blackmarket, Bonds, breaches, bypass, Class Action Lawsuit, ComputerWorld, confidential, Consumers, control, Costs, criminal, cyber terrorism, cybersecurity, Data, Debt, Derivatives, DHS, Dollars, DOW, due diligence, Economy, electronic database, Finance, Financial, flash drives, fraud, FTC, governance, hackers, homeland Security, ID, Identity, identity thief, Information, InfoSec, infrastructure, insider, ISR, laptops, law, liability, markets, meltdown, misuse, Mortgage, national security, News, Obama, online fraud, outsourcing, paperless, privacy rights, proprietary, regulations, risk, Sarbanes-Oxley, Security, sensitive, social security number, Stocks, System, systems, Taxpayers, third party, Uncategorized, unemployment, valuation, vendors, Verisign, Wall Street, Whitehouse

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

Categories
- Anthony M. Freed (26)
- Bill Brenner (2)
- Bob Violino (1)
- Bozidar Spirovski (23)
- Breach (540)
- Britt Womelsdorf (5)
- By Dr. InfoSec (2)
- Cara Garretson (7)
- CCCNews (1)
- Chorey Taylor & Feil (8)
- Christophe Veltsos (2)
- Christopher Burgess (7)
- CIOZone (26)
- Class Action Lawsuit (111)
- Cloud computing (114)
- Coby Royer (5)
- CTO Forum (9)
- D&O Liability (602)
- Daniel Wallace (5)
- Danny Lieberman (11)
- DataLine (10)
- David Alexander (2)
- Derek Crawford (1)
- Doug Pollack (7)
- due diligence (311)
- Fame Foundry (1)
- FEATURE ARTICLE (428)
- Financial (588)
- Fred Leland (7)
- Gene Kim (3)
- Government (374)
- Greg George (5)
- H1N1 (15)
- hackers (540)
- healthcare (135)
- Heather Bourgoin (1)
- HomeATM (8)
- identity-theft (536)
- IDExperts (17)
- Ike Z. Devji (1)
- Infosec Island Network (39)
- Insider Threat (491)
- Internet Crime Complaint Center (1)
- Internet Security Alliance (72)
- ISR News (321)
- Jacqueline Herships (2)
- Jenni Hesterman (3)
- John M. Salomon (2)
- John Watkins (7)
- John-Patrick Skaar (2)
- Kaliber Data Security and Compliance Consultants (3)
- Kat Sanders (2)
- Ken Leeser (3)
- Kevin L. Jackson (10)
- Kevin M. Nixon (21)
- Larry Ketchersid (1)
- Laton McCartney (7)
- Lauren Taylor (1)
- Linda McGlasson (1)
- malware (502)
- Mark Smail (1)
- Mark Wright (1)
- Mel Duvall (3)
- Michael Eggebrecht (3)
- Michael Lohr (1)
- Michael O'Conner (4)
- MicroSolved (1)
- Mike Duncan (3)
- Mike Meikle (4)
- Mike Spinney (1)
- Military (212)
- national security (454)
- PCI (309)
- PCI Security Standards Council (32)
- Physical Security (11)
- privacy (553)
- Rachel James (10)
- reach (12)
- Rebecca Herold (16)
- Richard Stiennon (44)
- Robert Siciliano (34)
- Sarbanes-Oxley (503)
- ScamStop (2)
- Sean Wilkins (2)
- Semyon Dukach (1)
- Simon Heron (14)
- Software Associates (11)
- Steven Fox (19)
- SUPERAntiSpyware (3)
- Sybase (6)
- Symplified (5)
- The Jester (8)
- The Privacy Professor (16)
- Thomas R. Fox (8)
- Tom Groenfeldt (2)
- Tom McLain (2)
- Trefis (14)
- Tripwire (18)
- Uncategorized (621)
- virtualization (102)
- Webcast (49)

Copyright © 2008 To Present · Information-Security-Resources.com (Permissions and Disclaimers) You are welcome to use, for any lawful purpose, the information that WE write and post to this site, provided that you link to and attribute Information-Security-Resources.com and the author(s). Any 3rd-party material linked to or referenced on this site is subject to the rights of the owners of that material.

We provide business consulting services. We do NOT provide legal or financial advice. There is no attorney / client relationship, or any privilege associated with our services. Nothing expressed on this site, or in association with our services, should be taken as legal counsel or financial advice. The opinions expressed on this site are the personal opinions of the writer(s), not those of any other individuals or organizations.

Theme: Copyright © 2008 · Revolution Code Blue designed by Brian Gardner

Information-security-resources.com is part of the Infosec Island network.