Flame crypto attack was very hard to pull off
In December 2008, at the Chaos Communication Congress in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.
The attack was significant because it showed for the first time that until further notice one of the known theoretical MD5 collision techniques could be used in practice to defeat the security of the HTTPS protocol. To pull off the attack, the researchers used computing power generated by a cluster of 200 PlayStation 3s.
The creators of the Flame cyber-espionage malware used a similar attack to obtain a rogue digital certificate that allowed them to sign code as Microsoft. The certificate was used to distribute Flame to targeted computers as an official Windows update.
Apple yesterday used the Worldwide Developers Conference to announce a new Macbook Pro with a Retina display, iOS6 and other products including a MacBook Air. Here's our video of the WWDC keynote.
- · Rackspace debuts OpenStack cloud servers
- · America's broadband adoption challenges
- · EPAM Systems Leverages the Cloud to Enhance Its Global Delivery Model With Nimbula Director
- · Telcom & Data intros emergency VOIP phones
- · Lorton Data Announces Partnership with Krengeltech Through A-Qua⢠Integration into DocuMailer