Mise à jour
Mise à jour de la base de données, veuillez patienter...
Site original : The Hacker News
"Conceal doesn't implement any crypto. Instead, it uses specific cryptographic algorithms from OpenSSL. OpenSSL's crypto library is about 1MB when built for armv7. By using only the parts of OpenSSL we needed, we were able to reduce the size of OpenSSL to 85KB. We believe providing a smaller library will reduce the friction of adopting state of the art encryption algorithms, make it easier to handle different Android platform versions, and enable us to quickly incorporate fixes for any security vulnerabilities in OpenSSL as well."
IBM has awarded £3.4 million to design a CMOS microchip that can be turned into silicon dust remotely. I Hope the new destruction technology would stay within the military infrastructure, and not extend their reach to devices like Smartphones and Personal Computers.“IBM plans is to utilize the property of strained glass substrates to shatter as the driving force to reduce attached CMOS chips into Si and SiO2 powder. A trigger, such as a fuse or a reactive metal layer will be used to initiate shattering, in at least one location, on the glass substrate. An external RF signal will be required for this process to be initiated. IBM will explore various schemes to enhance glass shattering and techniques to transfer this into the attached Si CMOS devices.”
"An attacker able to find SHA-1 collisions could carefully construct a pair of certificates with colliding SHA-1 hashes: one a conventional certificate to be signed by a trusted CA, the other a sub-CA certificate able to be used to sign arbitrary SSL certificates. By substituting the signature of the CA-signed certificate into the sub-CA certificate, certificate chains containing the attacker-controlled sub-CA certificate will pass browser verification checks. This attack is, however, made more difficult by path constraints and the inclusion of unpredictable data in the certificate before signing it." Netcraft expert said.
"In total, more than 98% of all SSL certificates in use on the Web are still using SHA-1 signatures. Netcraft's February 2014 SSL Survey found more than 256,000 of these certificates would otherwise be valid beyond the start of 2017 and, due to the planned deprecation of SHA-1, will need to be replaced before their natural expiry dates."But not only NIST, other US government organizations are also using an outdated hashing algorithm, including Obamacare website healthcare.gov, donogc.navy.mil and several others.
Today Jake tweeted that, "I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing" and "who are the real criminals?"