LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Rogue MD5 SSL Certificate Vulnerability
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 12-30-2008, 04:59 PM   #1
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Exclamation Rogue MD5 SSL Certificate Vulnerability

Quote:
US-CERT is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL protected web site and obtain sensitive information.
US-CERT
 
Old 01-02-2009, 06:14 AM   #2
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
A statement regarding this vulnerability has been posted on the Mozilla Security Blog.
 
Old 01-05-2009, 10:49 PM   #3
aus9
Senior Member
 
Registered: Oct 2003
Location: Australia
Posts: 4,258

Rep: Reputation: Disabled
VeriSign makes changes to minimise false certificates
Hi

link is here
http://www.itnews.com.au/News/92102,...cate-flaw.aspx


Mods

feel free to move if you like...but it affects all operating systems and not imho a linux news item?
 
Old 01-06-2009, 09:49 AM   #4
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
aus9, thanks for the good news.

I've merged your post into this thread as it's essentially the same topic.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Free SSL Certificate??? bobb_roof Linux - Enterprise 1 10-23-2006 01:14 AM
SSL Certificate The_JinJ Linux - General 1 03-21-2005 11:46 PM
ssl-certificate twantrd Linux - General 1 03-31-2004 08:47 AM
Not able to install SSL certificate shekar_300 Linux - Security 1 02-12-2004 01:36 PM
SSL certificate without..... Drogo Linux - Software 1 06-13-2003 02:13 AM


All times are GMT -5. The time now is 11:20 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration