Never Underestimate the Power of PlayStation
Wednesday, December 31st, 2008
The CCC has used brute force (using 200 PS3s) to generate an intermediate CA certificate. This allows them to make (almost) all browsers trust whatever site the CCC wants. This is ideal for phishing sites. A user would not be able to tell the difference between their electronic banking site and some criminal’s site. I’ll repeat that. No user would be able to detect in any way that they were not using the bank’s secure site. Let me say that again. Every time you do some transaction with your bank over the Internet, you might be handing your account over to criminals, and there would be no way for you to detect that until after they took your money. And not just banks; it’s the same with eBay, Amazon, PayPal, you name it.
The nasty part is that, given the tree-like structure of trust, you only need to crack one secret and the whole structure is worthless. This is in fact so dangerous that the CCC chose to crack an old certificate that expired years ago.
(Links (a few of many): NRC, /., Hack-a-Day, CCC, 25C3)
