Well, this has been a first for me. I was recently hacked on this very blog; or at least it was brought to my attention recently. I suppose it could have taken place a while ago. My hosting provider started sending me notices that my webspace account was generating large amounts of spam mail while I was away on vacation. So naturally by the time I got back home, they had shut down all of my websites. Of course, that was a good thing because they actually researched and found the offending scripts inside a WordPress theme that I had installed. Thus the reason that my blog is somewhat out of sorts now.
So a big thanks goes out to 1&1 Web Hosting for finding the problem and dealing with it in a reasonably quick fashion. Naturally I’ll be scrutinizing my WordPress themes a bit more closely from now on.
Well, it looks like the MD5 hashing algorithm is falling with a big thud. A research group recently attacked the MD5 algorithm using 200 PlayStation 3 systems and were able to construct a bogus Certificate Authority that looks like a known trusted CA. What does this mean? Well, it could mean lost revenue for online retailers (Amazon, E-Bay, etc). If HTTPS connections become less and less reliable due to the certificate authorities dragging their heels on upgrading, then more and more people will be more timid about making online purchases. Especially when they can run down to the Barnes & Noble down the street and not have to worry about such techy topics.
This news of course comes to you from CrunchGear. Read the whole article titled: MD5 collision creates rogue Certificate Authority. WARNING: it gets a little technical so you may just want to scan it, unless that sort of thing is your bag… baby!