[IDG] With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack.To do this, they’ve exploited a bug in the digital certificates used by Web sites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack Verisign’s RapidSSL.com certificate authority and create fake digital certificates for any Web site on the Internet.
http://www.infoworld.com/article/08/12/30/Researchers_devise_undetectable_phishing_attack_1.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=knowledge_center&articleId=9124558
http://www.arnnet.com.au/article/271901/Researchers Hack Internet Security Infrastructure
An international team of computer security researchers demonstrated today a key weakness in the Internet infrastructure that could let hackers launch virtually undetectable attacks aimed at intercepting secured online communications when consumers visit bank and e-commerce Web sites.Academic and private security and cryptography experts from the Netherlands, Switzerland and the United States said they have found a way to mimic the digital identity and authority assigned to RapidSSL, a company that helps Internet users correctly distinguish legitimate Web sites from counterfeit or hostile sites.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123001056.html
Researchers devise undetectable phishing attack
[IDG] With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack.