Category Archives: Security

SHA-1 broken

It seems that a team around Google has managed to produce the first SHA-1 collision, creating two identical SHA-1 checksums for two absolutely different documents.

At present, the attack took nearly 7000 years of single-CPU and GPU calculation (12 million GPU years), but we saw similarly high costs with the first attacks on PPTP. As we all know, in 2012 it only took 23 hours to attack PPTP thanks to faster computing power. Within a few more years of development, a SHA-1 attack might work in similar timeframes.

http://shattered.io/

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Flaw in Intel C2000 Chipset series

Ok, we all heard or read that there is a flaw in a series of Intel’s Avoton CPUs. Currently, it seems the only “official” statement is the following quote from The Register:

The well-placed insider, who spoke to The Register on condition of anonymity, said the problem – which results in bricked systems – became apparent to engineers at product makers when the return rate on gear spiked about 18 months ago.

We have a “well-placed insider” who wants to remain anonymous, and based on this everyone starts to blame the hardware vendors that have this chip installed? It seems the only official statement at this time from Intel – the guys that produce the CPU itself – is the following:

“AVR54: System May Experience Inability to Boot or May Cease Operation” … “The SoC LPC_CLKOUT0 and/or LPC_CLKOUT1 signals (Low Pin Count bus clock outputs) may stop functioning.”

http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf

In my experience, ANY computer-related product may stop functioning without any further warning. According to Intel, the C2000 series seems to have a slightly higher chance of doing so.

Let’s face the truth: those devices out there have been running for more than 18 months. Most of them did not fail; otherwise we would have already read about “All units of Series xxx of company yyy are dying after short time of usage” in the usual news.

Moving from HMA to IPVanish

Like some of you out there, I use VPN software from time to time to hide my original identity when browsing the net. One of the main reasons is the high censorship here in Germany, and the lawyers waiting to sue you after you accidentally visit a “wrong” site.

Previously I used HMA – “Hide my Ass” – for my privacy. They offer a simple UI, an Android client, lots of servers worldwide, and they also provide a manual on how to set up your Synology NAS to work with HMA.

Also, when just searching for “good VPN provider”, they are on the top lists. So that was my reasoning at the time.

I guess I took the too-easy route, and I must admit that I did not check any details when I started to use them. After some time I read some bad news.

https://vpn.hidemyass.com/vpncontrol/privacy.html

Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our Site and our services. We may store this data for up to two years, unless we are required, for legal reasons or under exceptional circumstances, to retain this data for an extended period.

And yes, HMA is able to track down the IP address of any connection to any user (found at Reddit):

[Image: post on imgur.com]

After this, I cancelled my account immediately and searched for another VPN provider. My current favourite is IPVanish, which offers similar services but no trackable logging. They do not offer a detailed setup, but it was still simple to configure my Synology NAS to use IPVanish.