December 2008 Entries


SSL Spoofing Now Possible…. RUN FOR THE HILLS!

That’s right. We all knew it had to happen sometime… SSL certificates are now spoofable. You can now create an SSL certificate that all major browsers accept as valid and as issued by a trusted certificate authority.

How

The real problem here is that SSL supports the use of the MD5 hash function, which has had known collision problems for many years. A collision happens when two separate inputs generate the same hash, i.e.:

md5(“asdgasdlghgds”)  -> %#QAJHAE%UNAW#$#E%QU*QABS
md5(“56832ujxdf175”)  -> %#QAJHAE%UNAW#$#E%QU*QABS

...