Google Announces SHA-1 Deprecation Timeline
Despite recently public concerns over the sunsetting of SHA-1, Google announced it will block new SHA-1 certs in Chrome as of Jan. 1, and all SHA-1 certs possibly by July 1, 2016.
collision attack
Practical SHA-1 Collision Months, Not Years, Away
New research into attacks against the SHA-1 cryptographic algorithm lessen the cost and time to arrive at a practical collision.
Last.fm, Mum On Breach, Adopts ‘More Rigorous’ Password Security
Last.fm, the online music streaming service, said it has implemented ‘more rigorous’ security for customer account passwords in the wake of reports that some of those passwords had been leaked online.
The U.S. Department of Homeland Security is warning IT administrators and operators of industry control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.
