Security team successfully cracks SSL using 200 PS3's and MD5
Robert Mathews (OSIA)
mathews at hawaii.edu
Fri Jan 2 17:56:19 UTC 2009
Joe Greco wrote:
> [ .... ]
>
> Either we take the potential for transparent MitM attacks seriously, or
> we do not. I'm sure the NSA would prefer "not." :-)
>
> As for the points raised in your message, yes, there are additional
> problems with clients that have not taken this seriously. It is, however,
> one thing to have locks on your door that you do not lock, and another
> thing entirely not to have locks (and therefore completely lack the
> ability to lock). I hope that there is some serious thought going on in
> the browser groups about this sort of issue.
>
> [ ... ]
>
> ... JG
F Y I, see:
SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
certificates @
http://www.codefromthe70s.org/sslblacklist.aspx
Best.
More information about the NANOG
mailing list