Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror

Submission Summary: 0 pending, 49 declined, 6 accepted (55 total, 10.91% accepted)

Security

Submission + - CCC Create a rogue CA certificate (win.tue.nl)

Submitted by
t3rmin4t0r
t3rmin4t0r writes: "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rouge CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, md5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."
Google

Submission + - Google Native client: x86 on the web (google.com)

Submitted by
t3rmin4t0r
t3rmin4t0r writes: "Google has announced Google native client which is enables x86 native code to be run securely inside a browser. With java applets already dead and buried, this could mean the end of the new war between browsers and the various javascript engines (V8, Squirrelfish, Tracemonkey). The only question remains whether it can be secured (ala ActiveX) and whether the advantages carry over onto non-x86 platforms.The package is available for download from its Google code site. Hopefully, I can finally write my web apps in asm."

Slashdot Top Deals

All constants are variables.

Close