The Evils of MD5

I have a new cause.  I didn’t expect to have one, but we don’t always get to choose.  Sometimes, the issues choose us.  In February 2017, the cryptographic hashing algorithm SHA-1 was broken in practice.  A practical collision was found, and published on the following website:  https://shattered.io  We have known for some time that SHA-1 is at the end of useful life and have begin moving to more…

Read More

Repetitive nature of problems

Working in the Information Security industry, I follow as much information as I can on the attacks and vulnerabilities that occur in our industry. Sometimes these attacks occur as a result of new or unique attack on a product or technology. However, this is usually not the case. We see the same vulnerabilities, and the same basic attacks utilized over and over again. At some point, we as an…

Read More

Un-patched Systems

https://www.cnet.com/news/most-android-users-running-outdated-security-patches-report-says/ An article on March 23, 2017 from C|Net reports that 71% of Android users on major U.S. cellular carriers are running phones with outdated security patches. This is an astonishing number. Unfortunately, it is not a surprising number. Software updates have become a required component of using any device…

Read More

Equifax Hack

Friends, please do NOT click on any website or link that purports to allow you to “check” if you have been compromised in the Equifax hack. Clicking on these links, and then providing confidential or personal information, is something you should not be doing. Equifax themselves registered another website, one that is not Equifax.com, to encourage people to do this very thing. This is the opposite…

Read More