Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Comment Re:These two may have been least at risk (Score 1) 54

There are plenty of people I know who would fall for this, because they simply don't know. They were issued a laptop for work and were told it was secured through a VPN, but don't understand how networks or routing actually works. They think they're secure only because an expert told them that VPNs are secure.

And not all VPNs are secure. Corporate VPN solutions are increasingly looking to split tunnelling to cut costs: internal corporate IP addresses are correctly routed to the VPN tunnel interface, so things like internal email and corporate web sites are all secured, but the external IP addresses (Google, Microsoft, Slashdot, etc.,) are left to route through the local gateway, reducing bandwidth through the corporate network. So if your wireless adapter connects to a WiFi Pineapple using one of those corporate laptops (thinking it's connecting to a conference AP or something), the rogue AP will faithfully route the still-secure VPN traffic to the proper corporate headquarters servers, but it will just as happily MiTM the rest of the regular unsecured traffic, scanning for credentials, cookies, API keys, or whatever other external sites the computer may happen to access. They could expose personal email account credentials, various web apps, DNS requests, discovery packets, or other loud network traffic. And this allows scenarios where the browser gets cache poisoned while browsing the unsecured web, then used to connect to an internal corporate web site where the malicious cached javascript echoes all the booty back to the attacker.

Of course, you expect the tech folks at the RSA conference would know how it all works, but a significant fraction of the attendees are not tech employees. There are no doubt many finance people; executives with expense accounts and instructions to "come back with a security contract"; salespeople; politicians; and the press in attendance.

I just hope the guys with the rogue access points are no worse than gray hats who are posting them on a Wall of Sheep somewhere at the conference, and not actually hacking the attendees.

Google

Breakthrough in Alphabet's Balloon-Based Internet Project Means It Might Actually Wor (recode.net) 82

Loon, the balloon project that aims to deliver internet to parts of the world that lack reliable connectivity, announced this week that due to advancements in the machine learning software, it can now deploy fewer balloons to provide greater connectivity. From a report on Recode: The Loon balloon project is part of X, the experimental division of Alphabet, Google's parent company. Now in its fourth year, the engineers at Loon say their new machine learning techniques significantly shorten their timeline for launching the project. Initially, engineers proposed that the Loon balloons would float around the globe and that they would have to find a way to keep the balloons a safe traveling distance apart and replace a balloon that drifted from an area that needed connectivity. Now, the team says they've found a way to keep the balloons in a much more concentrated location, thanks to their improved altitude control and navigation system. Loon says that balloons will now make small loops over a land mass, instead of circumnavigating the whole planet.

Comment Re:So what? Google should have expected that (Score 1) 95

They don't suck at everything; they just suck at managing. Its because they think their excellence in academia and theory means they don't have to learn from lessons in real life. They're constantly reinventing the wheel when it comes to business and human resource management.

Comment Re:Makes no sense (Score 1) 95

Its common sense. There's almost no amount of money that Google can throw at their autonomous car lead developers that can match a tech startup. It implies there's an amount of generous salary that will discourage developers from going startup. But Google hires alpha developers who understand what it means to be a successful startup.

I really don't even believe Google is the cutting edge of autonomous car development. I'm guessing its Tesla, because they have the closest thing to a functioning autonomous car. Its probably a story planted by Google and other leading autonomous car companies that just want to drive down the salaries they currently pay to their employees in this field. At this point, Google is probably holding back progress, because they want a surefire profitable model without going through all the regulatory and civil litigation its going to require to roll it out.

Comment Re:How the hell is this still a problem? (Score 2) 49

No, the whole point of Chip and PIN is the use of symetric key cryptography to generate a one time transaction with no need to share account details to the terminal. Basically the same thing as Apply Pay/etc. do, but embedded in a passive chip instead of requiring an active device.

This is not correct. Chip cards use cryptography only to produce a "cryptogram" called the ARQC. This is a Message Authentication Code, a checksum-like number that authenticates the card containing the secret key produced the message. By adding a PIN, the card can also fold the PIN into the cryptogram, authenticating the user, too. However, the card data, including the PAN is still sent in the clear for authorizing. The chip does not encrypt the card data.

Also, the chip is not passive. The chip contains a CPU and performs lots of cryptography, including validating the certificate presented by the terminal, the selection of various applications, protocol negotiations, etc. (And because that chip runs Java, every card issued gets to tithe Oracle for the privilege.)

But because of stupid, we use a crippled system that still allows that system to be bypassed with simple swipes and no crypto between the card and the terminal.

For the most part the data does not need to be encrypted. The payment terminal is responsible for rejecting a swipe that has a Service Code indicating that a chip is present, so you can't just bypass the chip. The skimmer only sees the data flow past, but has no way of computing valid ARQC because the secret key remains embedded securely in the chip. As long as the user doesn't have to also enter the CVV2 from the back of the card, there's not enough information to abuse the card. (Any web page that accepts an account number without requiring the CVV2 is out of compliance with PCI requirements, and is liable for any fraud committed with that card number.)

However, if the payment terminal doesn't encrypt the data before sending it to the store's payment gateway (let alone from the terminal to the cash register), that's still plenty of stupid.

Comment Re:ARBY'S (Score 1) 49

A breach that impacted 355,000 member cards is huge, indicating it was deployed to a large percentage of their chain, if not the whole chain. Since their breach "ended" on January 19 and it still took them 3 weeks to produce the list of affected cards, that tells me that Arby's response time is pretty damn poor, and that they may not be very good at tracking what's going on. Some senior VP said that "not all [of their 1000] corporate restaurants [out of 4000] were affected", but with news this bad combined with such a poor response time, it's hard to trust that they have a complete handle on the problem.

So, IF YOU ATE THE MEATS, it's a pretty good bet that your card got eaten too. Watch your statements.

Now that Arby's has submitted their list of impacted cards to the card associations, Visa or Mastercard will soon contact your bank. Your bank will then send you a letter saying "haxx0rs! Too bad, here's a new card, and if you want to sign up for a year of free credit monitoring, contact ohshitwewerebreached.com and tell them R.B sent you."

Comment Re: Credit card fraud? I'm thinking Arby's! (Score 1) 49

How does it only effect ards issued by one bank.if it was malware on the PoS machines?

The thieves likely stole numbers from any and all cards that ran through their infected payment terminals.

PCSU isn't a single bank, it's an association of about 800 credit unions. Arby's didn't report the number above, that came from PCSU's count of impacted member cards. They said 355,000 cards were impacted, a figure that does not include any other cards issued by any other banks. If those 800 member banks represent 10% of all cardholders (I don't know that for sure, that's just a rough guess to demonstrate the math), it's possible that this breach could impact a total of about 3 million cardholders.

Comment Re:Blowing smoke? (Score 2) 92

The value I got from Design Patterns is that these were describing the solutions to actual problems I had already had to solve on my own (often not as well), and they covered the side effects of those solutions, some of which I hadn't thought too much about before reading the book. (The observer pattern creates hidden long-term maintenance dependencies on the semantics of the data published by the subject, for example. That was really useful to me when I hadn't yet recognized the problem.)

However, once it was published it seemed that every Tom, Dick, and Bjarne published a book like "23 More Design Patterns" "Web 2.0 Design Patterns", "Design Patterns that Won't Clash With Stripes and Pastels", "Summer Design Patterns to Take to the Beach", etc. They were so specialized as to be almost entirely useless. Yes, the GoF book had a few shortcomings, but its real value to me came from the idea that we could name these things, study them, and understand them. When I read it in the 1990s I thought that was pretty darn novel.

Comment Re:A minimal C++ library (Score 2) 92

The hell do you need all of them for?

To broaden your skillset? To be more effective at what you do? To write more maintainable code? To make fewer errors? To interact with your peers? More specific to C++ and those particular books, to prevent race conditions, to have strong error handling, and to make more efficient use of multiple core processors? Perhaps most importantly, so that when the company hires a snot-nosed kid who actually does know and practice these things, that he won't show you up as the fossil you're describing yourself as?

I've been programming since 1976, and I think it's fair to say that computers have changed since then. If you think that programming now is anything like programming 20 years ago, you haven't been paying nearly enough attention.

Comment Re:What about the actual code? (Score 4, Interesting) 77

If DRM is ever successful, it won't be due to companies like Denuvo. Effective DRM requires some critical-path hardware to be complicit in the hiding of a secret from the device's owner. It can't just be pasted-on code that says "check for a valid dongle", because the attackers patch around that. The hardware has to hide something of great importance to the operation of the application, something that can't simply be replicated by software.

Denuvo makes it hard to crack, but without the hardware's participation, it will never be impossible.

Slashdot Top Deals

Today is the first day of the rest of your lossage.

Working...