Experts uncover weakness in Internet security

This is an official “oh shit” finding. Not good news at all. They talk of some browsers having addressed the problem but I don’t know how long it would take to roll out SHA1 or higher in place of MD5, but I suspect it could be months rather than days and that’s a very big window of opportunity for the Russian Hackers I’ve just stumbled – and thousands of others – to exploit this weakness. Ouch…

The critical issue is “how long will it take for those CAs still using MD5 to switch to SHA1 or higher?” Individually we can check the signing algorithm of each Certificate and “refuse to trust” them if they use MD5. Can’t see that happening, though. If you want to do some online banking and you find they’re using MD5, you’re hardly going to stop until they fix it!

About Harry Stottle
Refugee from the Stumbleupon Blogicide of October 2011. Here you will find my "kneejerk" responses to the world and what I happen to bump into. For my more detailed considerations and proposals, please visit my website or my previous main blogging site.
