SSL broken! Hackers create rogue CA certificate using MD5 collisions-ZDNet reports

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers.The research....effectively defeats the way modern Web browsers trust secure Web sites and provides a way for attackers to conduct phishing attacks that are virtually undetectable.

The research is significant because there are at least six CAs currently using the weak MD5 cryptographic algorithm in digital signatures and certificates. The most commonly used Web browsers — including Microsoft’s Internet Explorer and Mozilla’s Firefox — whitelist these CAs, meaning that a fake Certificate Authority can display any site as secure (with the SSL padlock).“We basically broke SSL,” Sotirov said in an interview........

Source ZDNet

NASA Discovers Computer Virus Aboard the International Space Station

"Malware is reaching new heights, and going into Space through a removable media carrying the W32.Gammima.AG password stealing malware to the International Space Station. According to SpaceRef.com :
“W32.Gammima.AG worm is a level 0 gaming virus intended to gather personal information. Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops. Theory is virus either in initial software load or possibly transferred from personal compact flash card. Working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future. It was noted that most of the IP laptops and some of the payload laptops do NOT provide virus protection/detection software .....................................”

Full story at ZDNet.com