Blog

Welcome to This Week’s [in]Security. Online Skimming and PCI. CheckPeople.com breach. Ransomware and Password Theft. DNA collection. Apple vs. FBI Round 2, NIST IoT, Password blocking. Correcting misinformation. Practical SHA-1 attack, Critical Firefox,...

In recent news, WikiLeaks exposed a huge trove of CIA documents.  Journalists and bloggers will of course have a field day with this and the general public will be spectators to another ongoing drama. From our perspective, thankfully, it sounds like...

History

The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated SHA-1. The use of SHA-1 web site certificates has been stopped. And now a practical collision attack against...