Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror

Submission Summary: 0 pending, 49 declined, 6 accepted (55 total, 10.91% accepted)

Security

Submission + - CCC Create a rogue CA certificate (win.tue.nl)

Submitted by
t3rmin4t0r
t3rmin4t0r writes: "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rouge CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, md5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."
Google

Submission + - Google Native client: x86 on the web (google.com)

Submitted by
t3rmin4t0r
t3rmin4t0r writes: "Google has announced Google native client which is enables x86 native code to be run securely inside a browser. With java applets already dead and buried, this could mean the end of the new war between browsers and the various javascript engines (V8, Squirrelfish, Tracemonkey). The only question remains whether it can be secured (ala ActiveX) and whether the advantages carry over onto non-x86 platforms.The package is available for download from its Google code site. Hopefully, I can finally write my web apps in asm."

Slashdot Top Deals

Nothing will ever be attempted if all possible objections must be first overcome. -- Dr. Johnson

Close