@RISK Online - The Security Blog
2 user(s) online.
Friday, February 18, 2005SHA1 Update
Looks like SHA1 may not be quite dead after all. Reading a recent report this morning, it now appears that the attack may be more theoretical than practical. Read here (emphasis mine):
"Although the cracking technique could not be carried out practically, it does compromise the integrity of the algorithm and could lead to more advanced attacks that would render SHA-1 useless, affecting many Internet security products that use it to generate digital signatures, according to Bruce Schneier, founder and chief technology officer of Counterpane Internet Security."
Okay, so SHA1 may be vulnerable to attack, but it does not appear that we're going to see a massive Internet Worm that compromises it anytime soon. This may be the first nail in the coffin of SHA1, but it's not dead yet.
posted @ 07:41 AM EST [link]Thursday, February 17, 2005SHA1 encryption has been "broken"
Thanks to Bruce Schneier for this alert via his security blog. To quote his post:
"SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results."
The SANS Internet Storm Center has further information and recommentions as well. I'll try to keep track of this as it develops and post additional notes here.
* Update
More information can be found here at CNet News.
posted @ 08:01 AM EST [link]Thursday, February 3, 2005More slow work on iptraffic
I've uploaded two quick releases. This version includes some logic fixes. The latest version includes some code to capture statistics on some multicast protocols that I've been able to filter out. This is the final table build code to cover the new protocols that I've introduced.
Work is beginning on the apache/mysql/php front-end. I've got the setup completed and I'm writing up the docs on how to configure everything. I've also some some basic logic to start gathering basic traffic statistics.
I've just started a new project at work, so I'll be much more focused on that for now, so don't expect much in the way of updates for the next few weeks.
posted @ 10:54 PM EST [link]
|
| February 2005 | | S | M | T | W | T | F | S | | | 1 | 2 | 3 | 4 | 5 |
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | | | | | |
Blogroll Me!
Navigation:
Home
Archives
About Me
Articles
Email
News Feed
Projects
My Blogroll:
Security Advisories:
Anti-Phishing
AUSCERT
BugBlog
CERIAS
CERT
CIAC
Cisco Advisories
F-Secure
iDefense
ISS XForce
McAfee
Windows Security
Oracle Alerts
Secunia
Security Corporation
Security Focus
Security Tracker
SGI Advisories
Sun Alerts
Symantec
Trend Micro
Zone-H
Defacements Archive:
Zone-H Digital Archive
Security News:
DShield
Help Net Security
Internet Storm Center
Linux Security
NewsNow: Encryption/Security
NewsNow: Hacking
Packet Storm
Securiteam
Security News Portal
Security Stats
Security Focus
Risks Digest
Zone-H
Security Tools:
Packet Storm
Astalavista
Help Net Security
Packet Factory
Security Focus
|
