Official Mobile Security & Innovative Technologies Blog
This blog is managed/edited by Eric Everson. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community in addition to the intricacies of innovative technologies and the markets therein.
Thank you for taking the time to review my blog; I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a full-time graduate student and mobile industry researcher. As a mobile security expert and innovative technologies leader, I am glad to answer any questions you may have: EricEverson@Hotmail.com
Wednesday 7 January 2009, 1:05 AM
Mobile Security and the MD5 Hack: Day Trading By Mobile Beware
Mobile Security and the MD5 Hack: Day Trading By Mobile Beware
Author: Eric Everson, Founder MyMobiSafe.com
It seems that we can do as much or more from our phones today than we could from our laptops five years ago. You can enjoy a gamut of media related convenience and surfing the web from one’s handset has become a standard. Add to these mobile freedoms the ability to day trade via your mobile device and it’s a wonder we ever put our phones down.
Admittedly my life seems to revolve around “opening and closing bells” so the ability to make my trades and place my orders on the go has been awesome. The ability to trade in any market from the palm of my hand while I am cross-training is technology at its finest. While I as many other have come to love this market freedom, there seems to be a lurking vulnerability that has seen its fair share of press lately.
As computers and mobile devices use much of the same carry over technology in the way of web browsers the recent “MD5 hack” has created a ripple effect into mobile technologies as well. What does the “MD5 Hack” mean for mobile devices? Essentially MD5 collisions can be leveraged to generate rogue SSL CA certificates. Such rogue CA certificates can be used by an attacker to generate valid SSL certificates for targeted web sites. By forging these certificates in DNS redirection attacks, an attacker can spoof an SSL protected web site and obtain your sensitive information.
Now don’t stop day trading from your mobile just because of this vulnerability because in reality the role of MD5 algorithms in SSL certificates is becoming marginalized by the way of the SHA-1 approach. To execute on the MD5 vulnerability requires some sophisticated computing which may or may not be worth the time of a hacker. Nonetheless as your trusted mobile security advisor I wanted everyone to be aware of the threat. With many securities trading at bargain basement prices, now may be the best time to take advantage of the freedom of mobility that exists for day traders.
Your friend in mobile security,
Eric Everson, Founder MyMobiSafe.com
Author: Eric Everson, Founder MyMobiSafe.com
It seems that we can do as much or more from our phones today than we could from our laptops five years ago. You can enjoy a gamut of media related convenience and surfing the web from one’s handset has become a standard. Add to these mobile freedoms the ability to day trade via your mobile device and it’s a wonder we ever put our phones down.
Admittedly my life seems to revolve around “opening and closing bells” so the ability to make my trades and place my orders on the go has been awesome. The ability to trade in any market from the palm of my hand while I am cross-training is technology at its finest. While I as many other have come to love this market freedom, there seems to be a lurking vulnerability that has seen its fair share of press lately.
As computers and mobile devices use much of the same carry over technology in the way of web browsers the recent “MD5 hack” has created a ripple effect into mobile technologies as well. What does the “MD5 Hack” mean for mobile devices? Essentially MD5 collisions can be leveraged to generate rogue SSL CA certificates. Such rogue CA certificates can be used by an attacker to generate valid SSL certificates for targeted web sites. By forging these certificates in DNS redirection attacks, an attacker can spoof an SSL protected web site and obtain your sensitive information.
Now don’t stop day trading from your mobile just because of this vulnerability because in reality the role of MD5 algorithms in SSL certificates is becoming marginalized by the way of the SHA-1 approach. To execute on the MD5 vulnerability requires some sophisticated computing which may or may not be worth the time of a hacker. Nonetheless as your trusted mobile security advisor I wanted everyone to be aware of the threat. With many securities trading at bargain basement prices, now may be the best time to take advantage of the freedom of mobility that exists for day traders.
Your friend in mobile security,
Eric Everson, Founder MyMobiSafe.com
Previous
