SANS Internet Storm Center, InfoCON: green

Syndicate content SANS Internet Storm Center, InfoCON: green
SANS Internet Storm Center - Cooperative Cyber Security Monitor
Updated: 57 min 33 sec ago

ISC Stormcast For Friday, February 24th 2017 https://isc.sans.edu/podcastdetail.html?id=5389, (Fri, Feb 24th)

1 hour 4 min ago
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Practical collision attack against SHA-1 , (Thu, Feb 23rd)

Thu, 2017/02/23 - 18:56
Google has announced that they have succeeded in developing a technique which makes it practical to crafttwo PDF files with the same SHA-1 digital signature. Of course like all new vulnerabilities/attacks in this decade it needs a web page and a cool logo. Not to disappoint they can be found here. What does this mean to you? The fact is nothing has changed since yesterday. This is still a difficult attack. For most applications SHA-1 will still be an adequate level of protection. This does highlight a significant riskto high-trust applications such as banking, legal contracts and digital signatures. Theoretical attacks against SHA-1 have been hypothesized since 2005 and SHA-1 was deprecated by NIST in 2011, so most high-trust uses of SHA-1 should be long since upgraded to more secure methods. SHA-1 is still commmonly used for file integrity hashes, and is used for that purpose in Git and most vendor signatures, so there wil be some work to do. Google is following their disclosure guidelines so the details of the attack will not be released for 90 days. Leaving time for applications that are still using SHA-1 to move to more secure hashing methods such as SHA-3 or SHA-256. Further reading below: Google - https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html ARSTechnica -https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/ -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Putty 0.68 released - http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html, (Thu, Feb 23rd)

Thu, 2017/02/23 - 16:36
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

ISC Stormcast For Thursday, February 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5387, (Thu, Feb 23rd)

Thu, 2017/02/23 - 05:15
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts