Monthly Archives: December 2008
More than one way to skin a CA
Posted: December 31, 2008 – 10:22 pm |
Author: Mike Zusman |
Filed under: Uncategorized
Alex Sotirov, Jacob Appelbaum, and crew did some awesome work. They showed that it was possible to exploit RapidSSL’s use of MD5 for signing certificates in order to create their own rogue CA signing certificate. This exploitation is many orders of magnitude more severe than when I used a loop hole to get the login.live.com [...]
