The Evils of MD5
July 4, 2017
I have a new cause. I didn’t expect to have one, but we don’t always get to choose. Sometimes, the issues choose us. In February 2017, the cryptographic hashing algorithm SHA-1 was broken in practice. A practical collision was found, and published on the following website: https://shattered.io We have known for some time that SHA-1 is at the end of useful life and have begin moving to more…
Repetitive nature of problems
July 4, 2017
Working in the Information Security industry, I follow as much information as I can on the attacks and vulnerabilities that occur in our industry. Sometimes these attacks occur as a result of new or unique attack on a product or technology. However, this is usually not the case. We see the same vulnerabilities, and the same basic attacks utilized over and over again. At some point, we as an…
Un-patched Systems
July 4, 2017
https://www.cnet.com/news/most-android-users-running-outdated-security-patches-report-says/ An article on March 23, 2017 from C|Net reports that 71% of Android users on major U.S. cellular carriers are running phones with outdated security patches. This is an astonishing number. Unfortunately, it is not a surprising number. Software updates have become a required component of using any device…
Equifax Hack
September 8, 2017
Friends, please do NOT click on any website or link that purports to allow you to “check” if you have been compromised in the Equifax hack. Clicking on these links, and then providing confidential or personal information, is something you should not be doing. Equifax themselves registered another website, one that is not Equifax.com, to encourage people to do this very thing. This is the opposite…