Cloudy with a Chance of Leaks | TechSNAP 308 | Jupiter Broadcasting

Cloudy with a Chance of Leaks | TechSNAP 308

Posted on: February 28, 2017

Posted in: Featured, TechSNAP, Video

Comment on This Video

Share This Video

Embed This Video

Google heard you like hashes so they broke SHA1, we’ve got the details.

Plus we dive in to Cloudflare’s data disaster, Dan shows us his rack, your feedback, a huge roundup & so much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Announcing the first SHA1 collision

Not just Google on this, they worked with CWI
SHA1 is a Cryptographic hash function
SHA-1 was developed as part of the U.S. Government’s Capstone project. The original specification of the algorithm was published in 1993
two PDFs that have identical SHA-1 hashes but different content
Lifetimes of cryptographic hash functions – by Valerie Aurora
Git fscked by SHA-1 collision? Not so fast, says Linus Torvalds – Attack is hard, discovery is easy, so fix it right
rather than right now
Suggestion: Don’t panic. Things aren’t suddenly going to become vulnerable. Take your time, review your systems looking for SHA-1 usage and evaluate the risk, but best to get it of it all if you have not already.

CloudBleed

Affects millions of websites, literally.
Google Project Zero
Could someone from cloudflare security urgently contact me. – 0011 UTC – 18 Feb 2018 UTC 0011
bug report on chromium.org – 17:15 UTC – 19 Feb 2017
Corpus distillation? What is that?
Incident report on memory leak caused by Cloudflare parser bug 23 Feb 2017
My work here is done 9:24 PM – 23 Feb 2017
HIPPA implications
List of Sites possibly affected by Cloudflare’s #Cloudbleed HTTPS Traffic Leak

Feedback

Transmission Permission Follow-up (see original question in episode 305
Dan’s pfSense box

Round Up:

Question? Comments? Contact us here!