We have computed the very first chosen-prefix collision for SHA-1. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.
We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4.
Demo: The legacy branch of GnuPG (version 1.4) is vulnerable. We have created two PGP keys with different UserIDs and colliding certificates.
I just did a very simple API to query the threat actors from the @MISPProject galaxy. There is a public API and the server is also open source. You can find threat actors name, synonyms and all meta-data with a simple curl query. #ThreatIntel
Strange event on my house WiFi. A new station joins (associations goes up by 1. Someone opened a macbook air's lid) then all WiFi traffic goes to 0 (sev1 ticket: "daaaaad! The WiFi is broken!") Not sure what the deal is. OpenWRT is usually pretty robust, but this is not the first time I've seen this behaviour, but it's the first time I've captured it in the graph and gotten some data.
Company held hostage by ransomware shuts down, tells 300 employees to find new jobs.
A ransomware attack should never be enough to kill off your company.
Anyone got experience with a #yubikey and challenge-response via NFC under Android?
awesome-mobile-security: An effort to build a single place for all useful android and iOS security related stuff.
Active Directory Security Fundamentals
A lot of (targeted) ransomware attacks have been leveraging through Active Directory and it has made the headlines. Most organizations are struggling to secure their AD, because it is complex. It r…
@peveritt apologies for the delay in approving your account
Anyone else seeing errors of this form in sidekiq: "Av::CommandError: error while running command ffmpeg -ss 0 -i "/tmp/57f1270d6b0fc8769a20aa178bbee8a520200101-722-84121j.mp4" -f image2 -vframes 1 -loglevel fatal -vf scale='min(400\, iw):min(400\, ih)'..."
I'm seeing quite a few of them. #mastoadmin
A Mastodon instance for info/cyber security-minded people.