https://www.circleid.com/blogs/ Postings from on CircleID en Copyright 2026, unless where otherwise noted. 2026-03-31T21:29:00+00:00 https://circleid.com/posts20090219_https_web_hijacking https://circleid.com/posts20090219_https_web_hijacking HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... More...]]> 2026-03-31T14:29:00-07:00 https://circleid.com/posts20090105_problem_with_https_ssl_md5 https://circleid.com/posts20090105_problem_with_https_ssl_md5 research highlighting the alarming practice of Secure Socket Layer (SSL) Certificate Authority (CA) vendors using the MD5 hashing algorithm (which was known to be broken since 2005) has shown a major crack in the foundation of the Web. While the latest research has shown that fake SSL certificates with MD5 hashes can be forged to perfection when the CA (such as VeriSign's RapidSSL) uses predictable certificate fields, the bigger problem is that the web has fundamentally botched secure authentication. More...]]> 2026-03-31T14:29:00-07:00