Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Announcing the first SHA1 collision (googleblog.com)

matafagafo writes: Google Security Blog just published

Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power. Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision.


Comment Re:Uh, then why was the analog TV spectrum sold of (Score 1) 63

The analog TV bands are not very suitable for high capacity demands. Most of those bands are already being claimed for other purposes as well. And digital TV still chews up quite a bit of those bands.

Lower frequencies also means bulkier antennas on the mobile devices - or less efficient antennas. So there's no real point in trying to reach for those bands.

Also see this allocation chart, even though it's a bit dated it's still interesting. It seems to have a segment between 11.7 and 12.2 GHz that is planned for Mobile use.

Submission + - Google: 99.95% of Recent 'Trusted' DMCA Notices Were Bogus (torrentfreak.com)

AmiMoJo writes: In comments submitted to a U.S. Copyright Office consultation, Google has given the DMCA a vote of support, despite widespread abuse. Noting that the law allows for innovation and agreements with content creators, Google says that 99.95% of URLs it was asked to take down last month didn't even exist in its search indexes. “For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.”

Comment Re:Ways around this (Score 1) 509

Skip bringing your smartphone and get a "dumb" phone where you can hardly produce a text message.

I doubt that they would capture any serious offender this way - they have other means to get their stuff through. A micro SD is so small that it's easy to conceal.

But otherwise I have realized that there's no real point in visiting the US these days considering the banana republic government that's in place. Nothing wrong with the people, just the election system that makes sure that only the worst alternatives are available. The only candidate last election that at least had some ambition outside the realm of power or control was Sanders.

Comment Re:How "indirect" was the use? Was SF just a proxy (Score 2) 123

Which just highlights that the problem is the licensing model.

The change of terms means that it's an indication of SAP either have become "too big", they have saturated the market and can't grow anymore or they are starting to fail. In any case they may need to downsize in order to keep the customers.

Also realize that many businesses that have been successful have tailor-made systems.

Submission + - Is Vodafone's new broadband service a man-in-the-middle attack? (vodafone.co.uk)

Duncan J Murray writes: Vodafone's recent entry into the competitive broadband ADSL and fibre market in the UK has been met with accusations that they are partaking in a man in a middle attack by providing certificates from contentcontrol.vodafone.co.uk. bored writes "Vodafone are performing a man-in-the-middle attack... Rather than subverting a wifi router, they have a proxy server which is intercepting your encrypted data requests, making the connection to the encrypted endpoint itself and getting you to send your requests to the Vodafone proxy server...."

Vodafone broadband also seems to be falling foul noscript's Application Boundary Enforcer designed to prevent DNS rebinding attacks, requiring system ABE rules to be disabled to access https addresses.

So far vodafone have responded by suggesting a security exception is created for each occurrence, and another reply from vodafone respond "I've double checked this with our Broadband team and this is how our routers are set up, we're unable to change any settings at our end."

Though we should not attribute to malice that which is adequately explained by stupidity, is this unwittingly compromising the security of vodafone broadband users?

Slashdot Top Deals

"Just think of a computer as hardware you can program." -- Nigel de la Tierre

Working...