Threat Post

Microsoft Details Flame Hash-Collision Attack

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers ...
Ars Technica

How do you know when md5 will bite you with collisions?

1) It is trivial for someone to cause a collision (in fact effectively indefinitely many) with other inputs they control. 2) It's almost certainly not too hard for someone motivated to generate ...
Ars Technica

Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in ...
Network World

Continued support for MD5 endangers widely used cryptographic protocols

The old and insecure MD5 hashing function hasn’t been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including ...