SHA-1 End Times Have Arrived
Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.
Collision attacks
Threatpost News Wrap, August 26, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on ShadowBrokers and Cisco, Sweet32, decryptors for the Wildfire ransomware, and some gaming forum breaches.
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH.
Microsoft said this week it’s considering moving up its deadline for blocking SHA-1 signed certificates to June 2016.
Mozilla announced that it will begin phasing out support for SHA-1 certificates, and will no longer trust them after Jan. 1, 2017.
Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm.
Editor's Picks
-
GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig
-
DEF CON 2018: Voting Hacks Prompt Push Back from Election Officials, Vendors
-
Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles
-
Understanding TRITON and the Missing Final Stage of the Attack
-
Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue