Rodrick Brown wrote:
A team of security researchers and academics has broken a core piece
of Internet technology. They made their work public at the 25th Chaos
Communication Congress in Berlin today. The team was able to create a
rogue certificate authority and use it to issue valid SSL certificates
for any site they want. The user would have no indication that their
HTTPS connection was being monitored/modified.
http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/
http://phreedom.org/research/rogue-ca/
--
[ Rodrick R. Brown ]
http://www.rodrickbrown.com http://www.linkedin.com/in/rodrickbrown
ssl itself wasn't cracked they simply exploited the known vulnerable md5
hashing. Another hashing method needs to be used.