Home > Security > 10/6

10/6

Blue Hat. Blue Hat was fantastic. Four hundred MS
engineers witnessing HD’s VNC injection for the first time — this is not an
experience one has every day 🙂 It’s unquestionable that MS has recognized
a threat to its continued existence. Spyware has them spooked something fierce,
as well it should: Every time I put a Knoppix disc in my system, I get a
consistent environment that does almost everything I want. Customization
is only a boon if your system gets closer to desired behavior over time.
Spyware converges on…well, “complete abject system failure” comes to mind.
Not exactly good for the Microsoft value proposition. It’s very nice to see
they understand this.

Regarding the two web pages with the same hash:

Note the hashes:


$ curl http://s3.amazonaws.com/dmk/t1.html | md5sum
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100 40737  100 40737    0     0   224k      0  0:00:00  0:00:00  0:00:00  406k
c0f3adb824590b40944614268e627421 *-
$ curl http://s3.amazonaws.com/dmk/t2.html | md5sum
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100 40737  100 40737    0     0   150k      0  0:00:00  0:00:00  0:00:00  240k
c0f3adb824590b40944614268e627421 *-


I’ve been showing this at conferences since Shmoocon back in January. The tool
that generates the collisions, Confoo, will be on this site shortly, but
the technique is fairly straightforward — View Source is your friend. For
details, see the MD5 Someday paper or Daum and Lucks’ application of the technique to Postscript.

Incidentally, broke my arm. That sucks. They gave me the raw CT scan
data.
Rock. Looks like I get to open source my the shattered remnants of my arm… 😉
(It’s not that bad, but they
are operating tomorrow. Fun.)

Early imagery, if ya care:

Categories: Security
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: