Show Notes:
Announcing the first SHA1 collision
- Not just Google on this, they worked with CWI
- two PDFs that have identical SHA-1 hashes but different content
- Lifetimes of cryptographic hash functions – by Valerie Aurora
- Git fscked by SHA-1 collision? Not so fast, says Linus Torvalds – Attack is hard, discovery is easy, so fix it right rather than right now
- Suggestion: Don’t panic. Things aren’t suddenly going to become vulnerable. Take your time, review your systems looking for SHA-1 usage and evaluate the risk, but best to get rid of it all if you have not already.
CloudBleed
- Affects millions of websites, literally.
- Could someone from cloudflare security urgently contact me. – 0011 UTC – 18 Feb 2018 UTC 0011
- bug report on chromium.org – 17:15 UTC – 19 Feb 2017
- Incident report on memory leak caused by Cloudflare parser bug 23 Feb 2017
- My work here is done 9:24 PM – 23 Feb 2017
- List of Sites possibly affected by Cloudflare’s #Cloudbleed HTTPS Traffic Leak
Feedback
- Transmission Permission Follow-up (see original question in episode 305)
Round Up:
- Hello False Flags! The Art of Deception in Targeted Attack Attribution – see also False Flag and Perfidy
- Researchers exfiltrate data by blinking the LEDs on the hard drives
- ZFS based replication and failover script from bolthole.com – note: ksh required
- security analysis on the most popular Android password manager applications
- AWS service status about s3 outage couldn’t be updated b/c of s3
- Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages