No, not exactly. The SHA-1 hashing algorithm still does what it is supposed to do. SHA-1 creates an unpredictable 20 byte “fingerprint” of the data input into the function, in this case a web server certificate. It is the unpredictability of the output that makes cryptographic hash functions so useful. … Continue reading
Yes, it is possible in theory to forge the Web Server Certificate that is used in SSL/TLS communication. This is because the certificate is signed by a certificate authority that your browser trusts using a cryptographic hashing algorithm of a specific length. The hashing algorithms that have been used to… Continue reading
Expect to see (more) subpoenas to Apple & Google for mobile phone backup data: https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT
How do ya'll feel about synching 2FA to the cloud? It just feels wrong...and I am a cloud fanboy. BTW there are ways to back up your tokens, just save the QR code image
https://www.zdnet.com/article/using-google-authenticator-heres-why-you-should-get-rid-of-it/
Drafting and Negotiating Effective Cloud Computing Agreements https://www.lexisnexis.com/lexis-practice-advisor/the-journal/b/lpa/posts/drafting-and-negotiating-effective-cloud-computing-agreements?utm_source=sumome&utm_medium=twitter&utm_campaign=sumome_share
https://www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/
Sodinokibi (a.k.a. "rEvil") ransomware hits managed service provider Synoptek, causing outages for many clients through the holidays. The company has apparently paid the ransom demand and is in process of restoring operations https://krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek/
