sha-1

(get it in RSS or Atom)

SSCC 124 - CryptoLocker continues, RIP Mavis Batey, Loyaltybuild BAD, Microsoft GOOD [PODCAST]

sscc-124-thumb-250

Can you believe that a brand loyalty company would take two weeks to tell its loyal customers their data had been stolen? Oh, and that it wasn't encrypted, either?

What does this tell us about security? Find out in the latest episode of the Chet Chat...

Microsoft leads the way, setting new cryptographic defaults

ts-cracked-250

Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.

Monday review - the hot 22 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

SHA-1 brute-force attack trimmed by 21% - paper from Oslo password hacking conference

SHA-1 brute-force attack trimmed by 21% - paper from Oslo password hacking conference

Jens Steube, author of the pasword cracking tool hashcat, can make your SHA-1 password cracking tool 25% faster.

Just like that.

SHA-3 hash competition concludes, and the winner is...Keccak!

SHA-3 hash competition concludes, and the winner is...Keccak!

Five years, 64 entries and three rounds of cryptographic cook-off later, and we finally have a winner of the Secure Hash Algorithm 3 competition: Keccak.

We explain how it's different, and why, and we tell you how to pronounce it...

Microsoft speaks out on Flame malware certificate forgery

Microsoft speaks out on Flame malware certificate forgery

Microsoft has now gone public with additional information about the certificate forgery in the Flame malware. The attackers used an MD5 collision.

Learn more about hash collisions, and how to avoid them in your own IT environment.

SHA-1 cracked for $2. Or a load of rubbish?

sha1-250

We're into the back end of November, so you were probably thinking that nothing would have time to oust Stuxnet as computer security hyperbole of the year.

Seems you were wrong. The security news wires are abuzz with a new story.