A Warning Alert

Member John Carter forwards to us the following warning from http://blogs.siliconvalley.com/gmsv/2008/12/hackers-create-secure-sockets-liar.html

"Hackers create Secure Sockets Liar: You know that comforting little padlock icon at the bottom of the browser that lets you know you're on a secure, encrypted connection to a bank, merchant or whatever? It's been picked. An international team of security researchers announced today that, with the help of 200 PlayStation 3 consoles strapped together into a poor man's supercomputer, they had exploited a known weakness in a cryptographic algorithm called MD5 and created a rogue Certification Authority able to forge the certificates used to authenticate Secure Sockets Layer connections (the padlock thingie). In theory, similarly skilled evildoers could steer users to phishing sites that not only looked legit but also appeared to be properly secured. In practice, the evildoers still have some tech work to do to catch up with the white-hat guys, and the exposure of the vulnerability should be enough to encourage the remaining real Certification Authorities using the MD5 function to switch to something a little sturdier. So no need to panic, but also no time to relax. Said cryptography expert Bruce Schneier, 'This is good work, great cryptography. I love the research, but this doesn't matter a whit. There are half a dozen ways to forge certificates and nobody checks them anyway.'"