For the Really IT-Security Conscious Person

If you’re reading this, then I’m assuming you’re really interested in IT security (or simply just curious, which is fine ;)). I don’t know if you’ve been keeping your ear to the ground about SSL certificates using the MD5 hash algorithm being cracked, but it happened nearly half a year ago. Quite simply, this means that some of the sites using SSL for secure transactions may not actually be secure. That’s bad. REALLY bad. Thankfully, Márton Anka has come up with a solution for us, called SSL Blacklist.

In a nutshell, and as stated on his site, SSL Blacklist “detects and warns about certificate chains that use the MD5 algorithm for RSA signatures.” This is good for us to know just in case we want to wait for any site we normally conduct a lot of transactions with to upgrade their SSL capabilities.

For those of you who fall into the curious category and don’t really know what the function of an SSL certificate is: it is the certificate that allows your transactions with sites like Amazon, eBay, your bank, and other sites to be secure. IT security guru Steve Gibson does a fantastic job of explaining both SSL and the flaw discovered in December in episode #177 of his Security Now podcast series. I’ve also noticed that his most recent episode (#195) deals with SSL flaws as well. I haven’t listened to it yet, but I’m about to. In any case, enjoy, and try to stay secure out there.
