Click it and Unblock the Notifications
Just In
Don't Miss
-
Pukaar Dil Se Dil Tak Promo: Sayli Salunkhe Impresses In First Video Of Sony TV Show, Details About Her Role -
Who Won Yesterday's IPL Match 34? LSG vs CSK, IPL 2024 on April 19: KL Rahul Stellar Batting Show Decimate Chennai Bowling -
Rs 17/Share Dividend: Record Date On April 26; Buy The ICICI Group Stock To Be Eligible? -
Golden Rules To Follow For Happy Marriage For A Long Lasting Relationship -
Exam Pressure Does Not Exist; Studying Punctually is Crucial; Says Aditi, the PSEB 2024 Topper -
Suzuki Swift Hatchback Scores 4 Star Safety Rating At JNCAP – ADAS, New Engine & More -
Dell Introduces AI-Powered Laptops and Mobile Workstations for Enterprises in India -
Journey From Delhi To Ooty: Top Transport Options And Attractions
Weakness in Internet security uncovered
Washington, December 31 (ANI): The Internet digital certificate infrastructure has a weakness that may be exploited by attackers to forge certificates that are fully trusted by all commonly used web browsers, say researchers.
This finding emerges from the studies conducted by independent security researchers in California and experts at the Centrum Wiskunde and Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands.
The researchers say that this weakness may make it possible for cyber criminals to impersonate secure websites and email servers and to perform virtually undetectable phishing attacks, which means that visiting secure websites is not as safe as believed.
Presenting their findings at the 25C3 security congress in Berlin on the December 30, the experts expressed hope that there will be an increase in the adoption of more secure cryptographic standards on the Internet, which will in turn increase online safety.
While presenting their findings, the researchers said that a small padlock symbol appears in the browser window when a netizen visits a website whose URL starts with "https". They said that that indicates that the website is secured using a digital certificate issued by one of a few trusted Certification Authorities (CAs).
They added that with a view to ensuring the legitimacy of the digital certificate, the browser verifies its signature using standard cryptographic algorithms.
As per their discovery, according to the researchers, one of the algorithms called MD5 could be misused."The major browsers and Internet players - such as Mozilla and Microsoft - have been contacted to inform them of our discovery and some have already taken action to better protect their users," says Arjen Lenstra, head of EPFL's Laboratory for Cryptologic Algorithms.
"To prevent any damage from occurring, the certificate we created had a validity of only one month - August 2004 - which expired more than four years ago. The only objective of our research was to stimulate better Internet security with adequate protocols that provide the necessary security," the researcher adds.
Based on their observations, the researchers came to the conclusion that MD5 could no longer be considered a secure cryptographic algorithm for use in digital signatures and certificates.
MD5 is presently used by certain certificate authorities to issue digital certificates for a large number of secure websites.
"Theoretically it has been possible to create a rogue CA since the publication of our stronger collision attack in 2007," says cryptanalyst Marc Stevens (CWI).
"It's imperative that browsers and CAs stop using MD5, and migrate to more robust alternatives such as SHA-2 and the upcoming SHA-3 standard," insists Lenstra. (ANI)
