http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/

Pretty recent I think. Crazy to think that md encryptions can be broken in about a day. Transformers is seeming more and more realistic lol.

Hopefully the us gov't has a higher level of encryption they've kept secret from teh internetz bandito's.

Those people cracked the system to look for flaws that should be fixed. This isn't that uncommon. The idea is to break it and then report how you broke it to the people in charge so that they can fix it BEFORE the "internt banditos" break it.

Yeah, when the old methods are broken into, and how to do it is posted on the internet, it's not very long before they come up with a better way to do it

Lol 200 ps3s...

MD5 was never that secure. Go SHA1 until they actually find the known weakness in it.

imo the internet is a fundamentally insecure platform for monetary transactions. It's best to physically go to the bank.

The internet was created by the Military as a means to contact each other instantaneously.

md5 isn't really used for security purposes, so judging it as such is rather frivolous. The issue seems to be more with rapidssl, using md5 + predictable timestamps and serial numbers.

This was irrelevant, but it was created by universities to share datasets.

The military created it first and Universities implemented it first. Gosh, get your facts straight

And sure its relevant, he said the 'internet' is a broke system for transactions when I'm sure he meant the World Wide Web

As far as I can tell, all this means is that they exploited this predictability so that they can mock up https://www.somerandomdomain.com/ to look like your bank, and have your browser tell you "Yes, trust these people." As long as you do https with a domain you already know, this should never be a problem. It just removes some of the usefulness of those stupid popups that say "OMG SECURITY CERTIFICATE NOT VALID!" or "OMG CONNECTION NOT SECURE!" Given the number of people stupid enough to give their passwords over http to these sites, it won't really have an effect.

You'd be surprised.

Im pretty certain that's incorrect... If you look at the definitions of internet, some of them specify it as the linking of computers using tcp/ip protocol, and some simply say interconnected networks(which is probably the actual breakdown of the word "inter-net". So by that definition, anyone that connected 2+ computers technically invented their own internet. As for tcp/ip protocol, it looks as if Stanford first implemented tcp/ip and invented the term "internet" for their project. Military may have used concepts, but they didn't invent the internet.

my above post was a lie, al gore invented the internet taha!

Actually, two computers connected together are not an internet. The internet is by definition the largest global public network (network of networks, to be more accurate) and multiple internets cannot exist. Your creation would be a network... possibly an intranet or an extranet.

Kellimus is correct in making his distinction. The World Wide Web is not the internet, but only one service available on it. The internet began as the Arpanet, developed by the Department of Defense. The World Wide Web was developed by CERN.

Post has been edited 2 time(s), last time on Jan 4 2009, 5:17 pm by Mini Moose 2707.

Lol, maybe.

Just because computes use TCP/IP doesn't mean they are connected to the net.. TCP means Transmission Control Protocol, which simple could mean a control for port.

IP is the protocol used to to connect to the internet on one of the lower-level network ports.

I have a book on programing TCP/IP, just taking a bit of info from that.

Not exactly.. It would be an IntTRAnet, yet. But an Internet, no. Your intTRAnet can connect to the World Wide Web through an ISP..

And as I stated, just because you use the TCP doesn't mean you have connectivity to the internet...


Why thank you, you saved me the hassle