German researchers have cracked the certificate mechanism for trusted sites. This allows malicious Web sites to masquerade as authentic and safe.
The research is now being demonstrated at the annual hacker conference Chaos Communication Congress (CCC). The annual hacker event, which takes place between Christmas and New Year, will be held in Berlin.
Certificates carry a digital signature that is used on encrypted connections to verify that the Web site an Internet user is visiting is the correct one. By cloning the popular MD5 signatures, the researchers were able to make their own certificates. Browsers could not tell the difference between real certificates and cloned certificates.
The attack makes Internet users believe that they are on a secure Web site when this is not the case. The crack increases the risk of large-scale fraud and phishing attacks, in which it is not necessary to refer to other domain names.