Researchers Successfully Spoof SSL Digital Certificates With a Fleet of PS3s

It looks like MITM attacks aren’t the only things ripping off SSL certificates these days, it looks like Sony’s PS3 is capable of the act as well! In a recent study conducted with more than 200 PlayStation 3 consoles, researchers were able to create a secure sockets layer certificate for absolutely any web page. The forged certificates were made through a proof-of-concept attack. This particular attack runs by generating millions of possible certificates, and once a pair that contains a special collision in the MD5 hash is found, a legitimate website certificate is requested from one of the authorities that relies on only MD5 to generate signatures. These certificates have been accepted by every major browser. “This break is major,” stated Karsten Nohl, cryptography expert and researcher at the University of Virginia. “It definitely is the most wide-scale attack, because anything short of patching all browsers in the world to not accept the certificates, there's nothing you can do to ... (link)