February 2005 Entries
From Bruce Schneier blog: SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results: collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length. collisions in SHA-0 in 2**39 operations. collisions in 58-round SHA-1...
Found Microsoft Security Response Center blog [via Valery Pryamikov] and Stephen Toulouse blog - subscribed. [Update 2005/04/13] blog moved to new location
It seems that time Windows Server SP1 and x64 editions (amd64, EM64T) would be released soon. Service Pack 1 Release Candidate 2 is available for download and Windows Server team start blogging [rss] and new training sessions are ready (sadly Route64 v2 will not be held in Eastern Europe). And yes, I'm running this version at my work computer ;-)...
Microsoft posted PromqryUI.exe and promqrycmd.exe tools for download (documentation). Those tools can be used to detect network interfaces that are running in promiscuous mode in network (such as L0phtCrack). [Updated 02/07/2005] Tim Rains describes his intentions to develop this tool...