Security Flaw In MD5 Algorithm
Independent researchers in both California and the Netherlands have discovered a weakness in the Internet digital certificate infrastructure that could let hackers impersonate site identities trusted by most web browsers. In essence, hackers could make your browser believe it is on a secure website or email server while a virtually undetectable phishing attack on your system is in progress.
The problem arises from MD5, one of several algorithms used to establish a secure https connection. This is not the first weakness discovered in MD5, either. A team of Chinese researchers presented the first one at a 2004 cryptology conference. In that case, they were able to create a “collision attack” and generate two messages with the same digital signature.
The new discovery makes use of the collision method, but allows the hacker almost complete freedom in creating a rogue certification authority (CA) that will be verified by most commonly used web browsers, including those from both Microsoft and Mozilla. The team hopes to draw attention to this security weakness, and drive the industry to use stronger encryption methods.