Register | Login Submit this form

News -

200 PS3's Used to Expose Internet Security Flaw
Posted on December 30, 2008 by Nikhil

It would seem that the PS3 supercomputer is starting to gain favor among scientists. You may remember our previous article about how a supercomputer cluster of PS3s was used to solve one of the many mysteries surrounding black holes (read about it here). Well, a group of scientists recently used the PS3 supercomputer for something a bit more down to earth: cracking the MD5 algorithm commonly used in secure websites.

Researchers in the Netherlands and Switzerland used a cluster of 200 PS3s to exploit a known weakness in the MD5 algorithm. This allowed them to create false Certification Authorities that are trusted by all modern web browsers. In short, this research allows hackers to launch undetectable phishing attacks, completely defeating the method that current browsers use to trust secure sites.

For the technically savvy, here’s what Alex Sotirov, one of the scientists involved, had to say: “Our main result is that we are in possession of a “rogue” Certification Authority (CA) certificate. This certificate will be accepted as valid and trusted by many browsers, as it appears to be based on one of the “root CA certificates” present in the so called “trust list” of the browser. In turn, web site certificates issued by us and based on our rogue CA certificate will be validated and trusted as well. Browsers will display these web sites as “secure”, using common security indicators such as a closed padlock in the browser’s window frame, the web address starting with “https://” instead of “http://”, and displaying reassuring phrases such as “This certificate is OK” when the user clicks on security related menu items, buttons or links.”

In addition, an attack launched through this MD5 flaw could have serious consequences according to Sotirov: “For example, without being aware of it, users could be redirected to malicious sites that appear exactly the same as the trusted banking or e-commerce websites they believe to be visiting. The web browser could then receive a forged certificate that will be erroneously trusted, and users’ passwords and other private data can fall in the wrong hands. Besides secure websites and email servers, the weakness also affects other commonly used software.”

Luckily, researchers claim that this attack was extremely hard to pull off. The scientists involved will obviously not release the specifics of their hack to the public, and it would take months for anyone else to pull off such a feat successfully. However, any secure sites using MD5 are encouraged to change to a more modern encryption such as SHA-2 or SHA-3 to be safe. Let’s just hope that no hacker gets his hands on 200 PS3s!

Stay tuned to PCN for the latest in PS3 news!

ADD ARTICLE:   Delicious | Digg | Facebook | Google | N4G

You must Login or Register to post comments
Latest Forum Topics

Latest forums topics are currently being displayed.
Top 10 News Stories

Rankings based on last 7 days of user activity

E3 09 - Sony Press Conference Montage E3 09 - Sony Press Conference...
Posted June 7, 2009
Size: 103.99 MB
Category: Events
Guitar Hero Metallica - The Game Guitar Hero Metallica - The Game
Posted March 30, 2009
Size: 9.03 MB
Category: Videos
Guitar Hero Metallica - The Music Guitar Hero Metallica - The M...
Posted March 30, 2009
Size: 8.53 MB
Category: Videos

Latest videos are displayed + MORE VIDEOS
Latest Comments
1. Original Resistance 3 Box Art... 1 Comment(s)
2. PS3 Releases for June 2012 1 Comment(s)
3. DmC Dev: 'I don't care if it ... 1 Comment(s)
4. Zen Studios Announces Zen Pin... 1 Comment(s)
5. Ni No Kuni Coming to Europe i... 1 Comment(s)
6. PS3 Releases for February 2012 1 Comment(s)
7. The Last of Us Characters Loo... 1 Comment(s)
8. Insomniac Explains Why Resist... 1 Comment(s)
9. Win Call of Duty Black Ops Es... 6 Comment(s)
10. PS3's 'PSP Remaster' Games Ca... 1 Comment(s)

Rankings based on user comment activity