“Attackers behind espionage software that infected Iranian computers targeted hard-to-exploit weaknesses in a cryptographic algorithm, a feat that allowed them to counterfeit a Microsoft digital credential, a member of the company’s security team said.
Details of the “cryptographic collision attack,” which came in a blog post published Monday afternoon, are the latest testament to the skill and sophistication that went into engineering the Flame malware. While theoretical, collision exploits in real-world attacks are virtually unheard of. As a 2008 attack on the MD5 cryptographic algorithm demonstrated, collision attacks require huge amounts of computing power, even when exploiting decades-old hashing functions. To pull it off, researchers had to wield the power of 200 PlayStation 3 gaming consoles.”
See the rest of this exciting bit of news at Ars Technica http://arstechnica.com/security/2012/06/flame-wields-rare-collision-crypto-attack/