Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers.

Is SSL really broken?

No but another algorithm has been compromised - this time MD5.

The periodic breaking of encryption algorithms is an inevitable consequence of Moore's Law. All that is needed is sufficient compute power and you can break any encryption algorithm. In this case it took 200 clustered games consoles (don't let the word games fool you - these are powerful machines). However, today's supercomputer is tomorrow's low end laptop, so MD5 can safely be written off as of now.

The more worrying factor here is that most browsers including Firefox and IE can be fooled by a rogue CA certificate created using this technique, so there's a potential * window of opportunity for the bad guys to profit from this until browsers are all modified.

* Potential because the exploit is safely in the hands of the good guys - for now.

Category: T'Internet
Technorati: SSL MD5
(1)

The value of a .tel domain lies with the ability to host personal (or corporate) contact information directly in the DNS, which can then be universally accessible. This stands in contrast to the typical use of the DNS for other TLDs, in which the DNS only provides a mapping between domain names and IP addresses.

That is from the Telnic FAQ and what it gains in brevity it loses in clarity, so I'll explain.



Category: Domains
Technorati: .tel Telnic
(0)

Microsoft has proudly announced a raft of new ways to frustrate users and lower productivity with its new version of its celebrated Concentration Breaker software.

The company’s stated aim was to build upon the success of previous productivity blockers, such as the Pop Up cartoon paperclip, the upgrade warnings and the indecipherable error messages. But ‘Concentration Breaker’ was not succeeding in completely stopping people from working, explained Bill Gates. ‘These individual distractions are annoying, but they’re not the holistic, end to end, integrated distraction we believe is possible’ he said.

More >

(Thanks, John)

Category: Coffee and Cats
Technorati: Microsoft Concentration+Breaker+3.0
(0)

I hate Vista so much I want to cry. Bought a Vaio. The most useless $4k ever spent. It just will not join a sec-enabled network. HOW????

and

Forgive intemperate language, but  every time I buy a PC they're worse, not better than they were before and it make me so angry I could kill

It gets funnier - and ruder - but, if you don't mind the intemperate language, read it all at http://twitter.com/stephenfry

Category: Coffee and Cats
Technorati: Stephen+Fry Vista
(1)

Category: Misc
Technorati: Food
(2)

The use of Google Friend Connect is currently by invitation only, but you can register interest by clicking the Sign up for the preview release button at this page.

Friend Connect inverts the usual social networking model which is centred on specific social networking sites like Facebook or MySpace, and where third party applications live within that closed environment. Instead of being centred on a single site, like Facebook, Friend Connect allows social networking features to be distributed and appear on any number of different sites.

Where a user joins multiple sites, a network of related sites starts to form and interaction between readers with overlapping but different interests becomes possible.

I see potential here, so as a further test I have disabled the usual comment form on this post and included a Friend Connect comments widget after the break.



Category: Google
Technorati: Friend+Connect Google

Nothing like being given a new IP range to migrate to from your hosting provider, only to find out that it was previously used by a spammer!

Category: T'Internet
Technorati: IPv4 Spam reputation
(1)

Dear Costumer, Halifax is constantly working to increase security for all Online Banking users. To ensure the integrity of our online payment system, we ... blah blah blah ...

cos-tum-er n

1. One that makes or supplies costumes, as for plays or masquerades.
2. A clothes tree.

This must be what they mean by Shakespeare phishing.

Sorry.

Category: Phish
Technorati: Phish
(0)

Hi, clinfoot.

Stephen Fry (stephenfry) is now following your updates on Twitter.

Check out Stephen Fry's profile here:

 http://twitter.com/stephenfry


Best,
Twitter

OK, he's only following me because I followed him. I don't want to miss any more of his mots juste on the subject of the BlackBerry Storm.

Now if only I had something worthwhile to say...

Category: Twitter
Technorati: Stephen+Fry Twitter Blackberry+Storm
(2)