Here's another piece of news that should make you feel nice and secure for the New Year - if you're on the starship Serenity, stealing from the rich and giving to the poor. Or hell, just stealing from anyone. Yesterday at the Chaos Computer Congress in Berlin, a group of computer security researchers presented evidence that by linking together several hundred standard PlayStation3 machines, they could create evil websites that look exactly like the good websites you might be looking for (like, say, Bank of America). This may sound like a standard phishing scam, but it's a lot worse that that. These evil websites are such good imitations that they fool companies like VeriSign, a company that hands out online "certificates" that guarantee a site is what it claims to be.
You've probably seen windows pop up in your browser that inform you when you are visiting a site whose certificates are not in order, or are outdated. With this new hack, those windows would never pop up. And it means that bad guys can pretend to be your bank site, your favorite commercial site, or wherever you like to plug in your credit card number - without anyone noticing until it's too late.
Yes, the web apocalypse is here - and John Markoff over at the New York Times has the full story about how a bunch of wily geek found collisions in the MD5 hash algorithm and ripped SSL apart.