http://spectrum.ieee.org/riskfactor/telecom/security/flame-ordered-to-flame-out/?utm_source=computerwise&utm_medium=email&utm_campaign=061312#.T9h_0yyImhk.mailto
"Flame's authors were able 'to generate a rogue Microsoft digital
code-signing certificate that allowed them to distribute the malware to
Windows computers as an update from Microsoft.' They accomplished this,
ComputerWorld says, by using a previously unknown cryptographic collision attack on the MD5 encryption algorithm (Stevens and company demonstrated one method in 2008) which Microsoft security engineers explain in a blog post here."
So why didn't Microsoft patch a known hole that they warned everybody else about 4 years ago? And how secure will the Internet be when we all know that our software updates might actually be downloading viruses instead? Thanks a lot Flame makers!
Internet Collective Action is people organizing in a nonhierarchical manner to accomplish a particular goal. The reward is in the doing, and how much or how little anyone participates is completely voluntary, depending on their abilities and commitment to the goal. By this process amazing things can be accomplished. ICA will grow so long as the Internet is free. http://www.lisamcpherson.org/pc.htm is an example of ICA.
No comments:
Post a Comment