Like all ominously powerful technology, the PlayStation 3 can be used for great good or, it seems, potentially terrible evil. According to Computerworld, an international team of security researchers used a farm of 200 PS3s to discover a flaw in an algorithm used to create authentication certificates for secured websites.
The researchers used the PS3s to exploit a bug in the MD5 hashing algorithm used to generate unique certificates that prove a secured website is actually what it purports to be. The certificates work like digital fingerprints that all have a unique numerical value, but the researchers were able to hack into VeriSign Inc.'s RapidSSL.com certificate authority site, exploit the MD5 bug, and create fake certificates that shared the same values. In plain terms: This could, theoretically, be used by hackers to create phony websites that have seemingly legitimate authentication certificates, and then use these fake sites to steal personal information that an unwitting user may feed into them.
While that sounds like scary stuff, the researchers evidently don't believe a similar real-world attack is likely (this might have something to do with the fact that they needed 200 PS3s to accomplish it). Still, the researchers stressed that it's an important warning. "It's a wake-up call for anyone still using MD5," said David Molnar, a member of the team from the University of California, Berkeley.
[Source: 1UP RSS feed]