Researchers Demo Nearly Undetectable Phishing Scheme

Posted by Kara Reeder Dec 31, 2008 3:54:15 PM

Researchers from the Netherlands, Switzerland and the U.S. say they have found a way to copy the digital identity and authority assigned to VeriSign's RapidSSL, which signs the security credentials that help users identify legitimate Web sites.

According to The Washington Post, the researchers used a network of 200 PlayStation 3 gaming consoles to produce a virtual clone of the digital signature RapidSSL uses to sign SSL certificates, exploiting a hole in MD5, a cryptographic hash function used in signing digital certificates.

Once an attacker has taken control of a large network, users trying to visit a specific e-commerce or banking Web site could be redirected to a counterfeit version of the site without their knowledge, where passwords, credit card numbers and other sensitive information could be stolen.

The researchers, who demonstrated a proof-of-concept at the 25th annual Chaos Communication Congress, suggested that companies switch from MD5 to the more secure hash SHA-1. VeriSign took the suggestion to heart and began doubling its efforts to phase out MD5, reports The Tech Herald.

Computerworld notes that besides VeriSign, the researchers list TC TrustCenter AG, EMC Corp.'s RSA unit and Thawte Inc. as other companies that use MD5 to generate their digital certificates.
