what we’re reading, week of 1/5

Posted: January 8, 2009 in Highlights

From around the blogosphere…
Sotirov and Appelbaum’s SSL research has triggered some debate and lots of different opinions. Here are five different perspectives on this issue we thought were insightful.

Ryan Naraine from Zero Day got a preview of Sotirov and Appelbaum’s research (lucky him). What did he and his two guests, Chris Eng and John Viega, think? No big deal and preventative.

Robert Graham from Errata Security looked at the certificates in detail and concluded that not all of them are vulnerable to this attack. How about his other post on the poor VeriSign reaction? Shouldn’t they be a little better at this?

Bruce Schneier from Schneier on Security does not think the attack is a big deal: SSL does not provide much security, so breaking it is not an issue. Do you agree that SSL is not what it’s cracked up to be? Pun intended.

Andrew Storms from 360 Security included the SSL hack as one of the 2008 Security Highlights, pointing out that these attacks resonate because of a lack of trust. He’s a believer in people like Sotirov and Appelbaum and the good they do.

Mordaxus from Emergent Chaos states that MD5 has been broken for more than a decade. He has mixed feelings about the attack. His main question is why people are still using MD5. Good question – shouldn’t this be scrapped by now?
