Slashdot Mirror

New submitter cccc828 writes: In a new paper Norbert Blum tackles the P=NP question and finds them to be not equal. While this is exciting news (for theoretical computer scientists at least), remember that there is a long list of findings pointing either way.

t3rmin4t0r writes "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."

prostoalex writes "Marc Stevens, Arjen K. Lenstra, and Benne de Weger have released their paper 'Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5'. It describes a reproducible attack on MD5 algorithms to fake software signatures. Researchers start off with two simplistic Windows applications — HelloWorld.exe and GoodbyeWorld.exe, and apply a known prefix attack that makes md5() signatures for both of the applications identical. Researchers point out: 'For abusing a chosen-prefix collision on a software integrity protection or a code signing scheme, the attacker should be able to manipulate the files before they are being hashed and/or signed. This may mean that the attacker needs insider access to the party operating the trusted software integrity protection or code signing process.'"

rbarreira writes "Bruce Schneier's blog is reporting on a new paper by Vlastimil Klýma, which summarizes a new method for finding collisions on the MD5 hash algorithm. Furthermore, the first pair of colliding X.509 Certificates has been published by a different team."

Haydn Fenton writes "Wired has a recent article on the16th annual IOI (that's International Olympiad in Informatics), taking place in Athens from Sept 11th to Sept 18th. The 304 programmers from 80 countries will be competing in 7 marathon programming sessions to determine the world's fastest coder. The computers are being supplied by Altec and contestants will have a choice of using either Windows XP or RedHat 9.0. More information can be found on the IOI Website."

Martin_Sturm writes "The IEEE consortium announces in a recent press release that it granted permission to the Linux Man Page Project to incorporate material from the official documentation on the POSIX standard. Obviously this is very good news for the Man Page project which now has access to a huge amount of good documentation. Until recently the project could not use this documentation due to copyright restricions."

BSD Today has this story about IBM refusing to deal with the fact that FreeBSD will not boot on their laptops. The actual service page is on IBM's support site. IBM does support Linux on the A20m though, but only OpenLinux. Is it my imagination or does this seem strange for a company that seems to understand the Open Source idea? Update: Seems that the problem is a BIOS issue where IBM used partition type a5 (or 165) for their suspend partition, this was reserved for 386BSD/FreeBSD/NetBSD. (NetBSD has since started using a9.) Here's a list of partition IDs as well as an explanation.

Last semester in my interfaces class, my roomate and eye were large scale advocates of wearable computers. We were scoffed at loudly by everyone who told us that it was 20 years off, but check out this story over at wired that tells about LCD monitors that you can mount in glasses. It's coming fast guys... thanks to Dwarf for sending this our way.