 |
CastellanoEnglishNederlands |
|---|
|
CastellanoEnglishNederlands |
|---|
Publish date: 2009-01-06
Security on the Internet has very recently been compromised by vulnerabilities in the MD5 algorithm. Qoben verified the certificates of all its customers and replaced the ones using MD5 for free. The next step is that web browsers must stop accepting MD5-based certificates.
Security on the Internet has two important aspects: avoid eavesdropping of your sensitive information and avoid that you send sensitive information to a faked web server. Both are handled by a using a secured connection with the HTTPS protocol: your web browser shows you either a yellow, green or blue address bar, or a yellow lock icon if you are using an outdated web browser. These secured connections use certificates issued by Certification Authorities that verify the identity and ownership of the web domain. These certificates used to be based on MD5, a well-known mathematical hash algorithm, but on December 30th, 2008 a group of researchers showed that they can make fake certificates that all web browsers accept to be real and secure.
The point is that all certificates using MD5 can no longer be trusted. All certificates based on MD5 must be replaced. Qoben verified the web certificates of all its customers and replaced them when necessary for free.
However, this is not enough: crooks can still create fake certificates that use MD5. Therefore it is important that all web browsers stop trusting certificates based on MD5. The web browser companies are working on this. If you are anxious and use Mozilla Firefox, you can install the SSL Blacklist extension.
Read more news