Researcher generates executable MD5 collisions with Authenticode signed binary

We have heard quite a bit recently about the dangers of using MD5, a now-broken cryptographic hash routine, for determining the validity of SSL certificates. Today we see that a researcher has taken a major step in generating malicious software whose signature matches that of an Authenticode-signed binary.

Researcher Didier Stevens has shown that [...]

‘Amazing’ worm attack infects 9 million PCs

Calling the scope of the attack “amazing,” security researchers at F-Secure Friday said that 6.5 million Windows PCs have been infected by the “Downadup” worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.
