INSECURITY experts have found a key weakness in the Internet infrastructure that could let hackers launch undetectable attacks on commercial web sites.
Boffins from the Netherlands, Switzerland and the United States think they can mimic the digital identity and authority assigned to RapidSSL. RapidSSL is an outfit that helps users tell legitimate Web sites from phishers.
Since RapidSSL is trusted by the makers of Internet browsers, the browsers accept the security certificates it gives to Web sites.
According to the Washington Post, e-commerce and banking sites use these certificates in combination with secure sockets layer (SSL) technology.
However, RapidSSL uses a flawed cryptographic method, called MD5. The boffins used a collection of techniques, including building a supercomputer out of 200 PlayStation 3s, to reproduce a virtual clone of the digital signature RapidSSL uses to sign SSL certificates.
Basically, a hacker has all they need to take control of a large network, and redirect the users to counterfeit versions of sites designed to steal the user's credentials. The user may never know the difference, because the attacker would have presented the victim's web browser with an SSL certificate.
Verisign said it was OK with the boffins hacking about its RapidSSL. Yesterday they announced that they have fixed the flaw. Besides, they are not going to use MD5 certificates after the end of January, so all that effort hacking it was a waste of time. µ
"Yesterday they announced that they have fixed the flaw."
Err, that particular flaw may, or may not, have been fixed but the problem/opportunity of hacked and/or cracked/hacking and/or cracking banking codes, exists/remains/persists.
And will increase indefinitely and with ever increasing efficacy until such times as endemic and systemic fraudulent practices [which you might like to consider may be money for/from nothing, fractional reserve naked shorting with the Profit and Promissory Note Driver Model] are Beta Secured with a New Promising Deal dDelivery AIdDriver ...... for that would the Competition Floating in the Market Place.
More about which, one only Needs 42 Register Inquiry for Feasting Feeds. I Kid U Not.
IT does however require more than just a Titter of Wit and a Closeted, Cosseted Mind, in Order to Accept Novel Noble Information which Frees up Space and removes Historical Clutter aka Created Hysteria, for ITs Beta Understanding and Greater Enlightenment.
And it is sad, rather than bad or mad to say, that that is all too often a bridge too far for many to cross/progress across. Nevertheless, though, the Path and ITs WAIs will be Laid for All and Any to Follow.
"Besides they are not going to use MD5 certificates after the end of January, so all that effort hacking it was a waste of time." So the bad guys only have one month left to empty my bank account. How reassuring.