Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision

It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen in a matter of months. This poses a potential threat to trust on the web, as many websites use certificates that are digitally signed with algorithms that rely on SHA-1. Luckily for everyone, finding a hash collision is not enough to forge a digital certificate and break the trust model of the Internet.

We’ll explore how hash collisions have been used to forge digital signatures in the past. We’ll also discuss how certificate authorities can make this significantly harder for attackers in the future by including randomness in certificate serial numbers.

Digital signatures are the bedrock of trust

The Internet relies on trust. Whether it’s logging in to your bank or reading Reddit, HTTPS protects you by encrypting the data you exchange with a site and authenticating the site's identity with a digital certificate. Browsers visually display the added security of HTTPS as a padlock in the address bar.

HTTPS can prove a site’s authenticity to a browser when a Continue reading

Acacia’s $125M IPO filing a rarity among networking firms in 2015

Acacia Communications, an optical networking company that boosts bandwidth for cloud and other service providers, Monday filed for an IPO -- a rarity during a year in which the number of tech companies going public is at its lowest since 2009, the year Acacia launched.The $125M filing to go public comes during a year when the rise of the Unicorn, private companies with valuations of $1 billion or more, has blown away the tech IPO market. Tech IPOs this year have included those by First Data, Rapid7 and Pure Storage.To read this article in full or to leave a comment, please click here

Acacia’s $125M IPO filing a rarity among networking firms in 2015

Acacia Communications, an optical networking company that boosts bandwidth for cloud and other service providers, Monday filed for an IPO -- a rarity during a year in which the number of tech companies going public is at its lowest since 2009, the year Acacia launched.The $125M filing to go public comes during a year when the rise of the Unicorn, private companies with valuations of $1 billion or more, has blown away the tech IPO market. Tech IPOs this year have included those by First Data, Rapid7 and Pure Storage.To read this article in full or to leave a comment, please click here

About those unsecured security cameras in the U.S. without password protection

As for why the U.S. has the most cameras connected to the Internet that have no unique passwords to protect them, could it be that all those cameras are not actually located in the U.S.? For example, there was a camper with icicles that appeared to be about a foot long hanging off of it as a deep snow covered the ground, but it was tagged as being located in Ocala, Florida. A quick search revealed the temperature to be 80 degrees, and that didn’t come close to matching the real-time image.To read this article in full or to leave a comment, please click here

About those unsecured security cameras in the US without password protection

As for why the U.S. has the most cameras connected to the Internet that have no unique passwords to protect them, could it be that all those cameras are not actually located in the U.S.? For example, there was a camper with icicles that appeared to be about a foot long hanging off of it as a deep snow covered the ground, but it was tagged as being located in Ocala, Florida. A quick search revealed the temperature to be 80 degrees and that didn’t come close to matching the real-time image.To read this article in full or to leave a comment, please click here

Oracle settles FTC dispute over Java updates

Oracle promises to give customers tools that easily uninstall insecure older versions of Java SE that may still lurk as vulnerabilities within Web browsers.That promise comes in a consent decree with the Federal Trade Commission that is currently up for public review before taking effect in January.+More on Network World: After Juniper security mess, Cisco searches own gear for backdoors+To read this article in full or to leave a comment, please click here

Can collaborative security work?

At a web conference meeting with IT security professionals in early December, IT advisory services firm Wisegate polled the small group about how comfortable they were with sharing cyberthreat information with industry peers and with government agencies.When “sharing” included giving information to the government, about half of the group thought it was a bad idea. But when 'government' was taken out of the sharing equation, some 80 percent of respondents were at least 'somewhat comfortable' with sharing their knowledge.[ ALSO ON CSO: Silicon Valley wary of U.S. push for cyber security info sharing ]To read this article in full or to leave a comment, please click here

After Juniper security mess, Cisco searches own gear for backdoors

While it says it has no reason to think there are backdoors in any of its products, Cisco has started an additional code review looking for “malicious modifications” after Juniper’s announcement that its ScreenOS operating system has been vulnerable for years. Anthony Greico “Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience,” according to the Cisco Security blog written by Anthony Grieco, senior director of the company’s Security and Trust Organization. The company says it will release its findings in accordance with its security vulnerability policy.To read this article in full or to leave a comment, please click here

Python script to generate RADIUS users

Just for future reference, I wrote this quick script using python to generate RADIUS users in the Freeradius /etc/raddb/users file.  Makes light work of what I used to do rather painfully in Excel:

 

__author__ = 'amulheirn'

# Create lots of radius users for /etc/raddb/users file

interface = 'ge-0/2/0'        # Local source interface
ipaddr = '89.20.80.'          # First three octets of IP addr
startuser = 1                 # Start of the user range
enduser   = 20                # End of the user

for i in range (startuser, enduser):
    print 'user%[email protected]     Cleartext-Password := "password"' % (i)
    print '                        Service-Type := "Framed-User",'
    print '                        Framed-Protocol := "PPP",'
    print '                        Framed-IP-Address := "%s%d",' % (ipaddr, i)
    print '                        Context-Name := "tuk_llu",'

    
print "======[END]====="

What’s in a Name?

What’s the difference between .local and .here? Or between .onion and .apple? All four of these labels are capable of being represented in the Internet’s Domain Name System as a generic Top Level Domains (gTLDs), but only two of these are in fact delegated names while the other two cannot be delegated. It seems that Internet no longer has a single coherent name space, but has developed a number of silent and unsignalled fracture lines, and instead of being administered by a single administrative body there are a number of folk who appear to want to have a hand on the tiller! How have we managed to get ourselves into this somewhat uncomfortable position?

Process images for your blog with ImageMagick

When writing a blog post about a technical topic, I often capture a lot of screen shots that I need to edit before adding them to my blog article. Usually I want to add a border around each image and I sometimes want to reduce the size of images that are too large. I want to do this quickly and easily so I use ImageMagick, an open-source command line image editor.

It takes too long to edit a large number of images one by one in an image editor like Photoshop or Gimp. Using ImageMagick makes it easy to batch process all images in a folder by entering a simple command. You may also incorporate ImageMagick into shell scripts, batch files, or other programs to automate the preparation of images for your blog.

ImageMagick is a powerful image manipulation tool with an intimidating set of options and subcommands. However, most bloggers will use only a few simple options. In this post, I will show how to install and use ImageMagick to perform the simple image conversions bloggers typically need. I will show how this can be done on each of the major operating systems: Linux, Windows, and Mac OS X.

Continue reading

Attackers are hunting for tampered Juniper firewalls

An experiment by a cybersecurity research center shows attackers are trying to find Juniper firewalls that haven't been patched to remove unauthorized spying code.The SANS Internet Storm Center set up a honeypot -- a term for a computer designed to lure attackers in order to study their techniques -- that mimicked a vulnerable Juniper firewall.The honeypot was configured so that it appeared to run ScreenOS, the operating system of the affected Juniper firewalls, wrote Johannes Ullrich, CTO of the Internet Storm Center, on Monday in a blog post.To read this article in full or to leave a comment, please click here

Cisco launches code review after Juniper’s spyware disclosure

Cisco Systems has launched an internal code review following Juniper's disclosure last week of unauthorized spying code found in its enterprise firewall products.So far, "we have no indication of unauthorized code in our products," wrote Anthony Grieco, senior director of Cisco's Security and Trust Organization, in a blog post Monday.The code review was initiated by Cisco and not the result of contact by law enforcement, Grieco wrote.Juniper said on Thursday an internal audit uncovered code that could allow secret remote access and also compromise encrypted VPN connections. The code was found in some versions of an operating system called ScreenOS that powers firewall devices.To read this article in full or to leave a comment, please click here

1 3,118 3,119 3,120 3,121 3,122 3,754