One of the most important issues brought to people’s attention during the 25th annual Chaos Communication Congress, held in Berlin, was the fundamental Web infrastructure flaw discovered and presented by cryptographers from the U.S., the Netherlands and Switzerland. They explained how hackers could use the bug to launch undetected attacks on Internet users, gaining access to information from secure online banking and e-commerce Web sites.
The demonstration involved approximately 200 PlayStation 3 gaming consoles, and the cryptographers presented one of the ways to impersonate the digital credentials of RapidSSL, a company that browsers rely on to correctly distinguish legitimate Web sites from spam sites or sites containing malicious code. As a result, the forged credentials would allow attackers to easily impersonate almost any Web site that relied on MD5 as a means of SSL certification, which includes numerous banking and retail sites.
As soon as the security researchers presented their discovery, Microsoft Corp. began working on its security advisory, which was issued yesterday.
"We've known for years that the MD5 is a bad algorithm and needs to be replaced," said Paul Kocher, president and chief scientist of Cryptography Research, a data security research firm based in San Francisco, as quoted by crn.com. "Some CA's screwup could enable adversaries to impersonate your site. It's not something where the carelessness of one CA affects only their customers; it affects everybody," he concluded.
© 2007 - 2009 - eFluxMedia