wouter.coekaerts.be

The Story of Alice and her Boss without MD5

Although this page is trying to convince you of the exact opposite, I recommend reading Attacking Hash Functions by Poisoned Messages "The Story of Alice and her Boss" first, to see why people think MD5 collisions are so bad.
They seem to make a pretty convincing argument, and giving a concrete example sure helps. So I'll do the same. Their scenario and the results are a good example (so I'll shamelessly steal them), but they're pointing at the wrong cause.

The real problem is not the MD5 collisions, the real problem is Caesar signing the file that Alice created, without reading its full contents.

From Caesar's point of view, this will play out exactly the same. But Alice is doing something else here.
Suppose Caesar uses Firefox, whoever processes the order uses something else, and Alice knows that. She could make Caesar sign this HTML file. And that exact same file, with the signature, could be used as an order, because in Firefox it looks like the letter, but in another browser it looks like the order. And this is not a browser bug. The same is probably possible with PS, PDF and many other formats.

Different viewers interpreting a document differently is not the actual bug that's being exploited here, and neither is MD5 really the bug exploited in the article mentioned above. It is Caesar's mistake of signing without reading that is exploited in both. And there are many other ways to exploit that.
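One way a signer could look at more than what a single viewer shows, as an added example that is not part of the original page: a heuristic pre-signing check that lists the parts of an HTML file one browser may not render. The tag and attribute lists, the function name `review_before_signing` and both sample documents are assumptions made for this illustration, and an empty result is not proof that every viewer shows the same thing.

```python
from html.parser import HTMLParser

# Assumption: constructs treated as "may not be shown by every viewer".
ACTIVE_TAGS = {"script", "style", "noscript", "object", "embed", "iframe", "link"}
RISKY_ATTRS = {"style", "hidden"}


class SigningLint(HTMLParser):
    """Collects the parts of an HTML file a signer should read in the raw source."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, description)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, _ in attrs:
            # Inline styles, the hidden attribute and event handlers (on...)
            if name in RISKY_ATTRS or name.startswith("on"):
                self.findings.append((line, f"{name} attribute on <{tag}>"))

    def handle_comment(self, data):
        # Comments are part of the signed bytes but are not rendered.
        self.findings.append((self.getpos()[0], "comment: " + data.strip()[:40]))


def review_before_signing(html_text):
    """Return findings; an empty list means this heuristic found nothing."""
    lint = SigningLint()
    lint.feed(html_text)
    lint.close()
    return lint.findings


# Constructed sample documents, not taken from the original page.
PLAIN = "<html><body><h1>Letter</h1><p>Alice did great work.</p></body></html>"
MIXED = """<html><body>
<p>Alice did great work.</p>
<noscript><p>second text</p></noscript>
<p style="display:none">third text</p>
<!-- fourth text -->
</body></html>"""

if __name__ == "__main__":
    for name, doc in (("PLAIN", PLAIN), ("MIXED", MIXED)):
        print(name, review_before_signing(doc) or "nothing flagged")
```
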

My conclusion is: