Home page logo

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 2 Jan 2009 20:53:06 -0600 (CST)

On Fri, 2 Jan 2009, Dragos Ruiu wrote:
www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation; sid:1000001;)

You can't really use any snort rule to detect SHA-1 certs created by a fake authority created using the MD5 issue.

Yes, this is a serious matter, but it hardly has any operational impact to speak of for users and none for NSPs.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]