MD5 seems not safe for code signing

This paper presents a method for creating the same MD5 hash for different executables - thus beating the idea of identifying executables by comparing their MD5 hashes to stored values.