BOFFINS BUST WEB AUTHENTICATION WITH GAME CONSOLES

Posted December 31, 2008 

PS3 fleet spoofs SSL certs

Researchers have uncovered a weakness in the internet’s digital certificate system that allows them to forge counterfeit credentials needed to impersonate virtually any website that relies on the widely used security measure.

Armed with more than 200 PlayStation 3 game consoles, the researchers are able to create a secure sockets layer certificate for any website of their choosing. The forged certificate causes all the major browsers to display a message indicating the website the user is visiting is legitimate because it’s been vetted by a trusted certificate authority using supposedly robust cryptographic measures.

Such attacks could make it easier for phishers to impersonate the sites of banks and other sensitive online services. The findings were presented Tuesday at the 25th annual Chaos Communication Congress in Berlin by researchers from Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, Eindhoven University of Technology (TU/e) in the Netherlands and independent labs in California.
