The title of the talk “Making the theoretical possible” has been changed to “MD5 considered harmful today: Creating a rogue CA certificate”. The speakers will be Alexander Sotirov, Marc Stevens and Jacob Appelbaum.
We knew that the use of MD5 wasn't really advisable anymore and that we would run into issues in the future. But we hit a wall sooner than we thought. This has serious consequences!!
Talk will be streamed at 15:15 CET
Follow live tweets @security4all.
UPDATE: Alex gives a small synopsis on the phreedom.org website.
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.
UPDATE 2: Details were just released on the http://www.win.tue.nl website.