An international team of security researches used a “farm” of 200 PlayStation 3’s to discover a flaw in an algorithm that is used to authenticate certificates for “secure” web-sites. The PS3 was used due to its powerful cell processor which is particularly good at performing cryptographic functions.
To quote from 1-Up:
“The researchers used the PS3s to exploit a bug in the MD5 hashing algorithm used to generate unique certificates to prove a secured website is actually what it purports itself to be. The certificates work like digital fingerprints that all have a unique numerical value, but the researchers were able to hack into VeriSign Inc.’s RapidSLL.com certificate authority site, exploit the MD5 bug, and create fake certificates that shared the same values. In plain terms: This could, theoretically, be used by hackers to create phony websites that have seemingly legitimate authentication certificates, and then use these fake sites to steal personal information that an unwitting user may feed into it.”
Although this is the type of thing that makes you think twice before purchasing something online, the researchers pointed that an attack exploiting this bug isn’t very likely (it does require 200 PS3s, after all) but either way, they did warn that anyone still using MD5 may want to upgrade.
Via Computer World