Want to use your PS3 to mess up people’s lives? As if having people using computers wasn’t good enough, apparently Sony’s system is another way to go when it comes to phishing scams, as they are good at performing cryptographic functions.
An international team of security researchers used 200 PS3s to pretty much crack the case. What they found ended up being a flaw in an algorithm that is used to create authentication for secured sites. The PS3s were used to find and conquer a bug that was found in the MD5 hashing algorithm which is essentially used to generate certificates specific to secured websites.
How do these certificates work? Well, they’re pretty much unique for every site and act like the site’s very own fingerprints, each with a numerical value. These researchers, with the help of the PS3, were able to hack into VeriSign Inc.’s RapidSLL.com site that authorizes said certificates, mess around with the MD5 bug, and pretty much created fake certificates that seemed as real as can be. This pretty much means that anyone with hacking knowledge can create their own websites and use them as ways to steal personal information. I guess the moral compass is a little askew?
But not to worry, as this was seen more used as a warning than anything else for those that still use MD5, that it is possible to get screwed. Afterall, it took 200 PS3s to pull this stunt off. If there’s anyone out there actually willing to shell out that much money just to scam people, well then my friend, you might need a bit of help.