The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, says security researcher Alexander Sotirov.
In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.
The attack was significant because it showed for the first time that at least one of the known theoretical MD5 collision techniques could be used in practice to defeat the security of the HTTPS (HTTP Secure) protocol. To pull off the attack, the researchers used computing power generated by a cluster of 200 PlayStation 3s.
Among the allures of cloud computing is the promise of easily and seamlessly moving services from one cloud to another. Realizing that kind of portability, however, is difficult. Every cloud service has its own distinct requirements, such as security, governance, and compliance, as well as its constituent parts, including Web server, database, storage, and networking requirements.
In an effort to make cloud services more portable, a group of tech giants that includes IBM, Cisco, EMC, CA, SAP, and Red Hat today unveiled the first draft of an open interoperability specification called TOSCA (Topology and Orchestration Specification for Cloud Applications). Capgemini, Citrix, NetApp, PwC, Software AG, Virtunomic, and WSO2, among others, are also contributors.
TOSCA aims to let companies create interoperable descriptions -- in a sense, templates -- of their application and infrastructure services, the relationships between the parts of the service, and the operational behavior of the services. The open nature of the standard is intended to ensure service interoperability, regardless of supplier, provider, or host technology.
The larger a company becomes, the more difficult it is to ensure its workforce gets the information they need, when they need it.
That was the dilemma facing the UK-based speaker maker Bowers & Wilkins (B&W) two years ago.
The 46-year-old company had reached annual revenues of about £200m and was operating in about 60 countries worldwide, but it had a problem with the quality of information being gathered about its operations.
Regional teams were compiling their own business reports and emailing them to managers - but these reports often contained inconsistent and erroneous information.
"The dispersed nature of the teams drove us to have problems with reporting.