WEAK SIGS FOUND ON ONE IN SEVEN SSL SITES
Posted January 8, 2009
Survey highlights serious spoofability
One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The finding underlines the need to drop the insecure signing mechanism before its weaknesses are exploited in more convincing phishing attacks.
Netcraft reports that 14 per cent of the SSL certificates it analysed during a recent survey were signed using the MD5 algorithm, recently discovered to be not just weak but vulnerable to practical attack. Last month, security researchers at the Chaos Communication Congress showed how a fake certificate with the same digital signature (hash) as a valid certificate might be created. The issue arises because two different inputs to the weak MD5 hashing algorithm can produce the same output.
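To check a single certificate the way such a survey would, the following added example (not from the article or from Netcraft's tooling) reads the outer signatureAlgorithm OID of a DER-encoded certificate and flags md5WithRSAEncryption. The `der` and `skeleton_cert` helpers build constructed sample data shaped like a certificate, not a real one.

```python
# Added example: report the signature algorithm of a DER-encoded X.509 certificate.
PKCS1 = bytes.fromhex("2a864886f70d0101")        # OID arc 1.2.840.113549.1.1
SIG_ALGS = {
    PKCS1 + b"\x04": "md5WithRSAEncryption",
    PKCS1 + b"\x05": "sha1WithRSAEncryption",
    PKCS1 + b"\x0b": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                            # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def signature_algorithm(cert_der):
    """Name the outer signatureAlgorithm of Certificate ::= SEQUENCE {tbs, alg, sig}."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert, 0)                # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)              # AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return SIG_ALGS.get(oid, "unknown OID " + oid.hex())

def uses_md5(cert_der):
    return signature_algorithm(cert_der) == "md5WithRSAEncryption"

def der(tag, content):
    """Encode one DER element (helper for the constructed sample only)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def skeleton_cert(sig_oid):
    """Constructed sample: certificate-shaped DER with placeholder tbs and signature."""
    alg = der(0x30, der(0x06, sig_oid) + b"\x05\x00")    # { OID, NULL }
    return der(0x30, der(0x30, b"\x00" * 200) + alg + der(0x03, b"\x00" + b"\xaa" * 128))
```

For a real PEM certificate, convert it to DER first with `ssl.PEM_cert_to_DER_cert` and pass the result to `uses_md5`.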


