SSL Blacklist now detects and warns about certificate Chains that use the MD5 Algorithm for RSA signatures.The demonstrated attack has two notable prerequisites: the ability to predict information in the prefix blocks of the data, and the present existence of CAs that use MD5-RSA to sign CSRs.
Since RapidSSL quite quickly switched to SHA1, the latter prerequisite seems to be harder to come across. (They issued a certificate to me at 9am this morning, less than 24 hours after the attack has been publicized, and this certificate no longer uses MD5.)
There is, however, a large number of CAs out there, and it is certain that some of them will continue to use MD5 for one reason or another. As for predicting information in the prefix block: some CAs may make this harder than others, but some low-volume CAs may require even less of an effort than RapidSSL did.
The real issue is, however, that this current attack is just a sign of things to come. MD5 has been known to have been weak for years, and now a small team with relatively modest resources essentially gained the ability to spoof any secure website on the Internet. Things are likely to accelerate from here and newer, more devastating attacks on MD5 are likely to surface soon.
