    Microsoft Downplays MD5 Hashing Algorithm Hack


    31 December, 2008, by Desire Athow

    In its response to security researchers’ claims of a method for launching undetected attacks on users’ PCs by creating forged digital certificates, Microsoft Corp. has asserted that the technique is not expected to pose any significant threat to users.

    In its security advisory, Microsoft acknowledged that flaws in the MD5 hashing algorithm can be exploited to create fake digital certificates. Digital certificates serve as proof of a safe and secure connection between users and websites.

    Downplaying the threat to the users, Microsoft said, “This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information”.

    In addition, the software giant said that it has not observed any of the attacks described by the group of security researchers from the US, the Netherlands, Germany, and Switzerland.


    Most of the vendors that issue security certificates have upgraded to the latest SHA-1 algorithm and dropped the MD5 algorithm for creating digital certificates, Microsoft added.

    Earlier, during the 25th annual Chaos Communication Congress in Berlin, a consortium of researchers had demonstrated a way to create a fake digital certificate of RapidSSL, a firm frequently used by browsers to differentiate genuine websites from malicious ones. The method was illustrated using around 200 PlayStation 3 gaming consoles.


    Our Comments

    Cryptography is going to play an increasingly important role in everyday life as the number of transactions happening online increases. The current recession is certainly accelerating this as retailers try to cut costs and reduce overheads. Microsoft says that the researchers have not published the cryptographic background to the attack but this doesn't mean that criminals both online and offline won't try to exploit this technique.



    Désiré Athow is the Content Editor of ITProPortal.com and has been reporting on technology and telecommunication since 1999. You can follow him on Twitter.