Cryptographic hash functions like SHA-1 are a cryptographer’s Swiss Army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for widespread use, finding two messages that lead to the same digest should be computationally infeasible. Over time, however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power.
Today, more than 20 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.
A big part of cyber security is being prepared. You want to do as much as you can to prevent attackers from breaching your network. Defenders have all kinds of ways to make this work. They have firewalls. They have endpoint protection. They have password managers. They have security training and information resources. And they have all of these right at their fingertips. What defenders need more of, however, are solutions for when plans fail. Plans fail because what defenders keep ignoring is that there are people behind every cyber threat. Those people are 100% focused on getting around prevention mechanisms to hit their targets. And one of them will always find a way through.
German police announced today that fellow UK police officers have arrested a suspect behind a serious cyber-attack that crippled German ISP Deutsche Telekom at the end of November 2016.
The attack in question, first reported by Bleeping Computer, caused over 900,000 routers of various makes and models to go offline after a mysterious attacker attempted to hijack the devices through a series of vulnerabilities.
Deutsche Telekom experts countered the attack on the same day by releasing a firmware update and asking customers to reboot devices so they could receive the new hardened firmware.
The new Android banking malware ESET recently discovered on Google Play was spotted in the wild again, targeting more banks. Further investigation of this resurfacing threat has uncovered that its code was built using source code that was made public a couple of months ago.
The previous version was detected by ESET as Trojan.Android/Spy.Banker.HU (version 1.1, as marked by its author in the source code) and reported on February 6th. The malware was distributed via Google Play as a trojanized version of the legitimate weather forecast application Good Weather. The trojan targeted 22 Turkish mobile banking apps, attempting to harvest credentials using phony login forms. Moreover, it could lock and unlock infected devices remotely, as well as intercept text messages.
Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.
The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.
The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it in a few days.
Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords, cookies, and tokens used to authenticate users.
A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was between February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real time, by making Web requests to affected websites, and to access some of the leaked data later by crafting queries on search engines.