
10/6

Blue Hat. Blue Hat was fantastic. Four hundred MS
engineers witnessing HD’s VNC injection for the first time — this is not an
experience one has every day 🙂 It’s unquestionable that MS has recognized
a threat to its continued existence. Spyware has them spooked something fierce,
as well it should: Every time I put a Knoppix disc in my system, I get a
consistent environment that does almost everything I want. Customization
is only a boon if your system gets closer to desired behavior over time.
Spyware converges on…well, “complete abject system failure” comes to mind.
Not exactly good for the Microsoft value proposition. It’s very nice to see
they understand this.

Regarding the two web pages with the same hash:

Note the hashes:


$ curl http://s3.amazonaws.com/dmk/t1.html | md5sum
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100 40737  100 40737    0     0   224k      0  0:00:00  0:00:00  0:00:00  406k
c0f3adb824590b40944614268e627421 *-
$ curl http://s3.amazonaws.com/dmk/t2.html | md5sum
  % Total    % Received % Xferd  Average Speed          Time             Curr.
                                 Dload  Upload Total    Current  Left    Speed
100 40737  100 40737    0     0   150k      0  0:00:00  0:00:00  0:00:00  240k
c0f3adb824590b40944614268e627421 *-


I’ve been showing this at conferences since Shmoocon back in January. The tool
that generates the collisions, Confoo, will be on this site shortly, but
the technique is fairly straightforward — View Source is your friend. For
details, see the MD5 Someday paper or Daum and Lucks’ application of the technique to Postscript.
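What a check on such a pair looks like, as an added example that is not from the original post and is not Confoo: it compares two inputs under MD5 and SHA-256 and lists the bytes that differ. The inputs are the published Wang et al. (2004) collision blocks, not t1.html and t2.html; the shared suffix is constructed, and the fact that an identical suffix keeps the MD5 values equal is a property of MD5's block chaining that goes beyond what the post spells out.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004): two 128-byte messages that
# differ in six bytes. These are NOT the page's t1.html / t2.html files.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)
# Constructed suffix standing in for markup that both pages would share.
SUFFIX = b"<script>/* same trailing bytes in both files */</script>\n"


def md5_hex(data: bytes) -> str:
    # usedforsecurity=False (Python 3.9+): MD5 is used here only for comparison.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def compare(a: bytes, b: bytes) -> dict:
    """Compare two inputs under MD5 and SHA-256 and flag an MD5 collision."""
    same_md5 = md5_hex(a) == md5_hex(b)
    return {
        "md5_equal": same_md5,
        "sha256_equal": sha256_hex(a) == sha256_hex(b),
        "md5_collision": same_md5 and a != b,
        "diff_offsets": diff_offsets(a, b),
    }


if __name__ == "__main__":
    for label, a, b in (("bare blocks", MSG_A, MSG_B),
                        ("blocks + shared suffix", MSG_A + SUFFIX, MSG_B + SUFFIX)):
        print(label, compare(a, b))
```
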

Incidentally, broke my arm. That sucks. They gave me the raw CT scan data.
Rock. Looks like I get to open source the shattered remnants of my arm… 😉
(It’s not that bad, but they are operating tomorrow. Fun.)

Early imagery, if ya care:
