
Submission + - First SHA1 Collision (googleblog.com)

ad454 writes: Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We've summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

https://security.googleblog.co...

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack's first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Comment Re:They will game the system and destroy home wi-f (Score 1) 61

Maybe, depends on amplitude of the blowtorching towers; keeping in mind inverse square law. In addition, 5GHz (and higher frequencies) don't penetrate solid objects nearly as well as 2.4GHz and below. Yet paradoxically 5GHz is better in a home/office environment over 2.4GHz because the SNR is much better from lack of surrounding interference.

Submission + - Announcing the first SHA1 collision (googleblog.com)

matafagafo writes: Google Security Blog just published

Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power. Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision.


Submission + - Judge Rules Against Forced Fingerprinting

An anonymous reader writes: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government’s method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government’s request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints ‘onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device.’

Submission + - Google: 99.95% of Recent 'Trusted' DMCA Notices Were Bogus (torrentfreak.com)

AmiMoJo writes: In comments submitted to a U.S. Copyright Office consultation, Google has given the DMCA a vote of support, despite widespread abuse. Noting that the law allows for innovation and agreements with content creators, Google says that 99.95% of URLs it was asked to take down last month didn't even exist in its search indexes. “For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.”

Submission + - Microsoft Research's DeepCoder AI may put programmers out of a job

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds. Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." Another article describes program synthesis as "creating new programs by piecing together lines of code taken from existing software — just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read online.

Submission + - Obama's Feds Tried to Hack Indiana's Election System While Pence Was Governor

EmmaStarc writes: Department of Homeland Security (DHS) officials tried to hack Indiana’s state electoral system with at least 14,800 “scans” or hits between Nov. 1, 2016, to Dec. 16, 2016, The Daily Caller News Foundation Investigative Group has learned.

The attacks are the second confirmed IT scanning assault by DHS officials against states that resisted then-President Barack Obama’s attempt to increase federal involvement in state and local election systems by designating them as “critical infrastructure” for national security. Source

Comment Re:I think its time we hack space travel. (Score 1) 244

I'm having a very hard time seeing how a spacecraft could NOT contain an immense amount of patented tech. I don't think it's possible to make a patent-free spacecraft.

Any craft that can reach a star system 39 light years away in a reasonable amount of time is also a fearsome weapon.

Submission + - Is Slack Safe? (fastcompany.com)

An anonymous reader writes: If you work in media (or most other tech-oriented jobs), chances are you've come across Slack—or you find yourself using it every waking hour. It's an easy way to chat and collaborate with fellow employees. But amid increasing concerns about press freedom in the U.S. and elsewhere, are chatroom apps like Slack really the best way for journalists—and anyone else with sensitive information—to communicate? Reporters, editors, and privacy advocates aren't so sure.

Submission + - Software Vendor Who Hid Supply Chain Breach Outed (krebsonsecurity.com)

tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called "supply chain" malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. This intrusion would probably not be that notable if the software vendor didn't have a long list of Fortune 500 customers, and if the attackers hadn't also compromised the company's update servers — essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site — not linking to it anywhere. Brian Krebs went and dug it up.
