Security team successfully cracks SSL using 200 PS3's and MD5

Robert Mathews (OSIA) mathews at hawaii.edu
Fri Jan 2 11:56:19 CST 2009


Joe Greco wrote:
>  [ ....  ]
>
> Either we take the potential for transparent MitM attacks seriously, or 
> we do not.  I'm sure the NSA would prefer "not."  :-)
>
> As for the points raised in your message, yes, there are additional
> problems with clients that have not taken this seriously.  It is, however,
> one thing to have locks on your door that you do not lock, and another
> thing entirely not to have locks (and therefore completely lack the
> ability to lock).  I hope that there is some serious thought going on in
> the browser groups about this sort of issue.
>
>  [ ... ]
>
> ... JG

F Y I, see:

SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
certificates @
http://www.codefromthe70s.org/sslblacklist.aspx

Best.




More information about the NANOG mailing list