200 PS3's Break VeriSign's SSL

Status
Not open for further replies.

ossie

Distinguished
Aug 21, 2008
79
0
18,580
0
microsuxx still faithful to it's corporate spin - security by obscurity - but this "security" model is proven to fail all over again, the unknown been when it'll be defeated, not if.
 

Darkk

Distinguished
Oct 6, 2003
253
0
18,930
0
I have to wonder tho. Remember when 40bit SSL certs was safe until somebody at distributed.net cracked it in 3 days then everybody switched it to 128bit certs? It cost money and time to make the switch.

So have to wonder, is this some kind of a scheme to scare people into "OMG" and force everybody to update their SSL certs?

Attempting to crack security products aren't new, just when they get the media involved people start to panic.
 

zodiacfml

Distinguished
Oct 2, 2008
249
0
18,830
0
computing security is a balancing act.
that might be dangerous but ssl is not the only security precaution on the internet.
 

nekatreven

Distinguished
Feb 20, 2007
246
0
18,830
0
the issue here is that they AREN'T 'fake certs'. they hacked the site and started creating cryptographically IDENTICAL certs. A hash is a hash folks.

That's like someone coming up with a way to make clones of diamonds that come out 100% correct on a molecular level, and then calling the clones fake.

If the chemist can't tell and the jeweler can't tell and it cuts the other damn diamond...WHO CARES.

Same with these certs.

Even if the CA finds the issue and removes the certs from their records, it's STILL a cryptographically valid cert.

If you were to re-buy the cert...this time legit...the hash would still be the same. I bet you wouldn't even have to re-install the old, supposedly fake, certificates.
 

nekatreven

Distinguished
Feb 20, 2007
246
0
18,830
0
Of course I get what can be done with it. That's not hard.

At first I did think this referred to generating certs that never existed before. I suppose it refers to making copies of existing ones. That doesn't really matter either way though.

Even in trying to explain it to me...you just called the cert fake. If it was fake, the victim's browser would not accept it.

A 'copied cert' or a 'stolen cert' perhaps, but if the hashes match, it isn't fake. I don't really think people are grasping that concept.

Like if I had a program that generated duplicates of valid nuclear launch codes...you'd call them fake. That's dangerous.

"...and as the missile boar down upon them they thought to themselves, 'hey maybe fake was the wrong choice of wording here.'..."

This obviously isn't as dire as nuclear warheads, but I still think it is very unwise to call these certs fake. I guess for now I should just be happy they are phasing out md5.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
GregIvins Streaming Video & TVs 4
PS3Owner2019 Streaming Video & TVs 1
S Streaming Video & TVs 2
Z Streaming Video & TVs 2
codietheangrybird Streaming Video & TVs 2
L Streaming Video & TVs 2
codietheangrybird Streaming Video & TVs 1
C Streaming Video & TVs 6
O Streaming Video & TVs 1
C Streaming Video & TVs 3
Y Streaming Video & TVs 1
M Streaming Video & TVs 2
P Streaming Video & TVs 1
A Streaming Video & TVs 6
B Streaming Video & TVs 1
F Streaming Video & TVs 2
S Streaming Video & TVs 1
A Streaming Video & TVs 1
K Streaming Video & TVs 3
R Streaming Video & TVs 2
Similar threads
Solved! S-Video HDM I problem
Question PS3 Internet Nat Type 3
i have a 70's Magnavox console tv with remote but before channel scan and menus. I can't seem to get channel 3.
Solved! I need HDMI from ps3 out to lg sk 9y in to Epson home cinema projector HDMI in. Sound won't play from sound bar only projector
If i Restore my PS3, will i still have my LittleBigPlanet account?
My flat screen television CRA will not go back to my cable no remote only option s I get are pic and sound
I need help to fix my ps3.
Solved! High def sound from Xbox one S to YAS207 to monitor without HDMI arc port
Solved! My HDTV has an HDMI INPUT "CBL/Sat" which presently runs from TV to my Denon AVR {ARC}....IF I Purchase/use a ROKU Streaming S
Solved! How come my rear and center speaker s aren't not working oo my blue ray surround sound by the way u do a great job
Projector Sharp without hdmi to connect to ps3, pretty please
X box 1 s HDMI to older tv
Satellite (DVB-S) and Digital Cable (DVB-C) in one single coaxial cable?
Composite to HDTV?
hdmi port on xbox one s is bad
Could s video switch box casue input delay on a CRT?
TOSHIBA LED TV firmware_file for model for : 32P2400ZE S/N: E41X24H01630K1
Hitachi Roku TV 55R80 while watching TV over Antenna screen will change back and forth from full screen to channel guide and s
Tiny problem with my Panasonic DMR-ES10's time counter while playing discs
LG tv LG sound bar how to get it to work on tv"s remote volume tierd of having to use two remotes

ASK THE COMMUNITY