Security Alerts & News
by Tymoteusz A. Góral

History
#2040 Watershed SHA1 collision just broke the WebKit repository, others may follow
Thursday's watershed attack on the widely used SHA1 hashing function has claimed its first casualty: the version control system used by the WebKit browser engine, which became completely corrupted after someone uploaded two proof-of-concept PDF files that have identical message digests.

The bug resides in Apache SVN, an open source version control system that WebKit and other large software development organizations use to keep track of code submitted by individual members. Often abbreviated as SVN, Subversion uses SHA1 to track and merge duplicate files. Somehow, SVN systems can experience a severe glitch when they encounter the two PDF files published Thursday, proving that real-world collisions on SHA1 are now practical.
Read more
#2041 Security lapse exposed New York airport's critical servers for a year
#2040 Watershed SHA1 collision just broke the WebKit repository, others may follow
#2039 Linus Torvalds on SHA1 and Git: 'The sky isn't falling'
#2038 SHA1 collider
#2037 Removing user admin rights mitigates 94% of all critical Microsoft vulnerabilities
#2036 List of sites possibly affected by Cloudflare's Cloudbleed HTTPS traffic leak
#2035 How security products are tested – part 1
#2034 The real cost of ransomware: Attacks take most victims offline for at least a week
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12