Domain: dotgnu.info
Stories and comments across the archive that link to dotgnu.info.
Stories · 3
-
CCC Create a Rogue CA Certificate
t3rmin4t0r writes "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now." -
Google Native Client Puts x86 On the Web
t3rmin4t0r writes "Google has announced its Google native client, which enables x86 native code to be run securely inside a browser. With Java applets already dead and buried, this could mean the end of the new war between browsers and the various JavaScript engines (V8, Squirrelfish, Tracemonkey). The only question remains whether it can be secured (ala ActiveX) and whether the advantages carry over onto non-x86 platforms. The package is available for download from its Google code site. Hopefully, I can finally write my web apps in asm." Note: the Google code page description points out that this is not ready for production use: "We've released this project at an early, research stage to get feedback from the security and broader open-source communities." Reader eldavojohn links to a technical paper linked from that Google code page [PDF] titled "Native Client: A Sandbox for Portable, Untrusted x86 Native Code," and suggests this in-browser Quake demo, which requires the Native Code plug-in. -
Google Finance Beta Released
t3rmin4t0r writes "Forbes.com is reporting that google has rolled out a finance site. The site finance.google.com seems to be too plain and looks suspiciously like something quickly hacked together. The Forbes article mentions that "Google had previously provided financial information through a framed page featuring information from Yahoo! Finance, Fool.com, MSN Money Central and ClearStation " and that the information is collected from various sources rather than a direct feed from the stock exchanges, making it probably less useful for buy & sell decisions. "