Rogue CA – MD5 collisions for phun and profit

Now this is, umm, interesting..

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Trust no one..


Using Internet Explorer? Switch Browser Now!

Oh joy, the BBC is reporting

Users of the world’s most common web browser have been advised to switch to a rival until a serious security flaw has been fixed.

It’s yet another security hole in Internet Exploder, this time a heap overflow that works against IE 7 as well as IE 6 and the betas of IE8.

It’s being actively exploited too (again from the Beeb):

As many as 10,000 websites have been compromised since last week to take advantage of the security flow (sic), said antivirus software maker Trend Micro.

I’m pretty sure the writer meant flaw, not flow.. 🙂

Please use Firefox instead!


Go Anne!

Here’s some good news: our good friend Anne McDonald has won the Personal Achievement Award in the 2008 Australian National Disability Awards! She was at the awards ceremony at the Federal Parliament in Canberra on the International Day of People with Disability to hear who’d won. The press release says:

Anne was born with cerebral palsy and at the age of three was admitted to the St Nicholas Hospital state institution, unable to walk, talk or feed herself. Eventually Anne learnt to communicate by pointing to letters on an alphabet board and at 18 years old went to court to win her freedom from St Nicholas. She has since written a bestselling book, graduated from university with a Humanities degree and dedicated her life to advocating for the rights of people who cannot talk.

But they don’t mention bungee jumping, Mona Lisa or a wicked sense of humour.. Well done Anne! 🙂

Cartoon of Anne McDonald as Mona Lisa from her website.

Patent Trolls Attack OpenMoko Project

It appears that the patent trolls Sisvel are attacking the OpenMoko project, and as part of their strategy the project has chosen to pull all of their downloads whilst they remove any support for MP2 and MP3 files.

The short story is that we are in a protracted battle with some patent trolls. Google for Sisvel. In order to get ourselves in a stronger position, we want to make sure no copies/instances/whatever of patent-infested technologies like MP2 and MP3 exist on our servers. Our phones never shipped with end-user MP3 playback features, but we want to use this opportunity to make sure it’s not even in some remote place somewhere.

As Sisvel aren’t the only ones to sue over MPEG-related patents ((note that Microsoft won on appeal very recently, reversing the decision)), it really does bring the message home that MPEG is not a safe technology for audio files and that things like Ogg Vorbis and FLAC are far better (and safer!) choices in the long run.

No Opt-Out for the Great Firewall of Australia

So it appears there will be no way to escape being blocked from sites that are false positives, whether due to buggy and broken filters or to incorrect classification, etc.. 🙁

Australians will be unable to opt-out of the government’s pending Internet content filtering scheme, and will instead be placed on a watered-down blacklist, experts say.

According to preliminary trials, the best Internet content filters would incorrectly block about 10,000 Web pages from one million.

I guess if John Howard was still around he’d want us to be blocked from seeing un-American content too.

McCain versus the Universe

I can’t tell which of these three things is worse about John McCain:

  1. He can’t tell (or is willing to mislead) when Federal money hasn’t been spent on a project
  2. He can’t tell an overhead projector from a planetarium display projector
  3. He thinks that the idea of spending taxpayer money on aiding scientific education is a bad thing

This is all down to his repeated denigration of a request for US$3M federal funding from the Adler Planetarium in Chicago (which has bipartisan support) with comments such as planetariums being “foolish”. As New Scientist says:

What may be most troubling to science educators is the fact that McCain clearly presumed that the wastefulness of spending money on a planetarium would be self-evident without any further explanation or context.

Given that the planetarium was after US$3M to replace a 40-year-old projector (which they can no longer get spare parts for), and the cost of the Iraq war is over US$300M per day, it seems churlish to refuse their paltry request.

Update: Maybe McCain should see this XKCD.. 🙂

Victoria has Driest September on Record

Sigh, our 12 year drought continues ever onwards..

With 12 mm for the month, Melbourne has recorded its driest September since records began in 1855. The previous driest was September 1907 when 13.4 mm of rain fell. Historically September is one of Melbourne’s wetter months, averaging 57.9 mm.

Looks like we’re also set to record 12 consecutive years of below average rainfall; the previous record was just 6 years. And as I write, Melbourne’s water storages are still under 35% full as we come out of winter.

All of this makes me wonder if some of the concerns about the drought affecting electricity generation last year will start to actually happen this year.

Google Chrome

Oops..

At Google, we have a saying: “launch early and iterate.” While this approach is usually limited to our engineers, it apparently applies to our mailroom as well! As you may have read in the blogosphere, we hit “send” a bit early on a comic book introducing our new open source browser, Google Chrome.

The Wikipedia page has more info; apparently it’s based on WebKit. Expect the Windows beta in the next day or so, with Linux and OS X to come. Open source of course.