Security researchers announce “first practical” SHA-1 collision attack

Security researchers announce “first practical” SHA-1 collision attack

 Security researchers at the CWI institute in Amsterdam working with a team from Google Research say they have found a faster way to compromise the SHA-1 hash algorithm — announcing what they describe as “the first practical technique for generating a SHA-1 collision” a in a blog post today. Read More

Privacy experts worry over Homeland Security’s possible move to collect travelers’ passwords

Privacy experts worry over Homeland Security’s possible move to collect travelers’ passwords


As the United States struggles with the international response of the new immigration ban, the Department of Homeland Security has created some more tension. In a congressional hearing earlier this week, John F. Kelly, the head of the DHS, shared new technical requirements for visa applicants. Kelly’s proposal calls for…

Security Experts Rebut The Guardian’s Report That Claimed WhatsApp Has a Backdoor

Security Experts Rebut The Guardian’s Report That Claimed WhatsApp Has a Backdoor

William Turton, writing for Gizmodo: This morning, the Guardian published a story with an alarming headline: “WhatsApp backdoor allows snooping on encrypted messages.” If true, this would have massive implications for the security and privacy of WhatsApp’s one-billion-plus users. Fortunately, there’s no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian’s story is a “major league fuckwittage.” […] Fredric Jacobs, who was the iOS developer at Open Whisper Systems, the collective that designed and maintains the Signal encryption protocol, and who most recently worked at Apple, said, “Nothing new. Of course, if you don’t verify keys Signal/WhatsApp/… can man-in-the-middle your communications.” “I characterize the threat posed by such reportage as being fear and uncertainty and doubt on an ‘anti-vaccination’ scale,” Muffett, who previously worked on Facebook’s engineering security infrastructure team, told Gizmodo. “It is not a bug, it is working as designed and someone is saying it’s a ‘flaw’ and pretending it is earth shattering when in fact it is ignorable.” The supposed “backdoor” the Guardian is describing is actually a feature working as intended, and it would require significant collaboration with Facebook to be able to snoop on and intercept someone’s encrypted messages, something the company is extremely unlikely to do. “There’s a feature in WhatsApp that — when you swap phones, get a new phone, factory reset, whatever — when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone,” Muffett told Gizmodo. Other security experts and journalists have also criticized The Guardian’s story.

Read more of this story at Slashdot.