I have collected many posts regarding this issue on my blog category on MD5.
And posted my practical exploit of MD5 some time ago on Slashdot.
This new code is the tombstone for MD5. In fact, now we can write a better exploit of MD5; for example, someone can attack a mirror site of Apache that uses MD5 as a checksum, and replace a distribution of the software with some type of malware.
Can you tell me if the MS link was the /.ed one? Because the second link is on my site with Linux CentOS; in this case it is a blog site, and not tuned for huge traffic. I want to improve my site, so your information will be valuable for me.
Beautiful paper, but in practice this couldn't happen.
TV shows in Latin America and Spain that I personally know receive nearly 150.000 SMS per hour (~40 SMS/sec).
With a GPRS/GSM modem we can send 30 SMS/second. In fact, in my former job we periodically sent over 50 SMS/sec without a DoS effect on GSM networks.
Are you saying that with 4 modems we can disrupt all the cell phones in Manhattan?
No, it is not possible. Even without modems, using SMPP directly, the protocol is so slow that we can't reach a throughput big enough to make this possible.
In practice, cell phone companies don't allow more than 40-50 SMS/sec.
Personally, I wrote an ESME application server with a throughput of 600 SMS/sec, using SMPP, but no company ever accepted more than 50 SMS/sec, because of contention.
There is a lot of contention in the SMSC and all ESMEs must be aware of this, and manage their own queues because of this.
In the paper the investigator forgot some important business steps before the SMSC queries the HLR. The SMSC must consult the subscribers database and check billing systems, for example. This is the main reason for contention of SMS messages. I don't know how cell phone billing works in the USA, but in many countries there is a limit based on the subscribed plan.
"If there's one general precept of security policy that is universally true, it is that security works best when the entity that is in the best position to mitigate the risk is responsible for that risk. Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem".
Bruce Schneier, A Real Remedy for Phishers
Why do the links redirect to another Google page? (on Google's Blog Search, Score: 1)
In Google, every link is clean, a direct URL to the site you are searching for.
Now we have this intermediate page, "Redirecting you to..."
Will this page be filled with ads in the future?
Yes, blogsearch doesn't put clean links; you are always redirected. In Google you don't have this.
Perhaps in the near future they will put ads on this redirect page, go figure...
When you search on Google blogsearch, if you click on links, you get redirected to another Google site, and later you are redirected to the source blog.
Is Google analyzing every click you make on this tool?
"One clear symptom that you've got a case of "Penetrate and Patch" is when you find that your system is always vulnerable to the "bug of the week." It means that you've put yourself in a situation where every time the hackers invent a new weapon, it works against you. Doesn't that sound dumb? Your software and systems should be secure by design and should have been designed with flaw-handling in mind."
(http://www.ranum.com/security/computer_security/editorials/dumb/)
It is time for Mozilla people to worry more about security.
Thanks, I just want to be prepared in case of being /.ed :).
I think that CentOS could do the job as expected.
http://www.smsanalysis.org/smsanalysis.pdf