Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Deepak Jain deepak at ai.net
Fri Jan 2 20:49:24 UTC 2009


> Of course, this will just make the browsers pop up dialog boxes which
> everyone will click OK on...
> 

And brings us to an even more interesting question, since everything is
trusting their in-browser root CAs and such. How trustable is the
auto-update process? If one does provoke a mass-revocation of
certificates and everyone needs to update their browsers... how do the
auto-update daemons *know* that what they are getting is the real deal?

[I haven't looked into this, just bringing it up. I'm almost certain it's less secure than the joke that is SSL certification].

Happy New Year!

Deepak



