Certified (In)Authentic validation?
The other day I read in John Markoff’s New York Times piece that researchers used video game technology to prove an interesting point. It seems that a group of U.S. and European researchers were able to work a group of Sony PlayStation 3 gaming machines to prey upon a vulnerability in a software system that’s supposed to protect commercial Internet transactions.
This article opened my eyes because it pointed out that current technology is lagging pitifully. According to Markoff, “The attack is possible because a handful of commercial organizations that provide components of the basic security infrastructure of the Internet are using an older security technology — despite years of warnings that it is now potentially obsolete.”
As you’re probably thinking, I too wondered, what does this mean to us consumers? Whenever I conduct a transaction online, I make sure I see the little padlock, the “http” followed by the letter “s” (for secure) and I often check for at least 256-bit encryption, but beyond that, I don’t look for much else. And I’m pretty sure most users don’t go nearly that far. Should my feeling of security now be replaced with unease?
That the researchers were able to create a fake certificate (an ‘authentication’ certificate) proves that, as the researchers noted, “a critical part of the Internet security infrastructure is not safe.” I’m not sure this will have much of an impact on the everyday consumer’s Web transactions just yet (an ordinary home computer would take years to get the same result), but if, as Markoff says, “Also potentially affected are e-mail and chat servers and online collaboration systems,” then we’d better not be surprised if we meet up with more such exploits down the road.
