Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Crypto attack puts digital sig hash on collision course

Built to ensure the reliability of digital signatures, the SHA-1 hash algorithm was once thought to be breakable only by large governments that have the processing power compromise such digital signatures used to sign e-mail and validate websites. A group of cryptographers has proven the SHA-1 algorithm isn’t as bullet-proof as believed. Still providing a very strong defense, it was discovered the SHA-1 can now be subject to practical attacks that are well within the grasp of well-funded organizations.

Click here for more information.

Apple fans targeted by smut-punting malware

The Jahlav-C Trojan was designed specifically to attack Macs. Posing as an ActiveX update the user is asked to install the update in order to see online videos. In addition to the Jahlav-C there is a new worm that is OS X-specific that is spread via e-mail.

Click here for more information.

Security holes poked in Chinese compulsory PC filter plan

Privacy activists express concern over the state directive to have the China-produced software, Green Dam Youth Escort, installed on any PC delivered to China starting July 1 of 2009. Items noted include the fact the software only works with IE or Google Chrome on Windows. The software does not currently support Firefox, Mac or Linux systems. The other issue regarding having software installed on every PC relates to upgrades and maintenance hurdles to handle issues that arise for all of the PCs to be in China.

Comment: The story raises interesting points, the validity of which still needs to play out. However, in theory good points are raised. One item raised is with ability of China to turn this China-based software into a massive, ready-to-march botnet that could be used to launch attacks. It is not saying this will be done, but the theory is there for this to occur, no matter which country is using what software that is to be installed on PCs.

Click here for more information.

The Internet is incomplete, says its co-designer, Vinton Cerf

During a speech Vinton Cerf one of the most critical needs of the Internet is that of authentication. “Anyone who performs transactions over the Internet … should be deeply concerned about that technology.” One area is authentication at the DNS level. Another is the unavailability of end-to-end authentication. While tunnels can be created using SSL, viruses can still be transmitted through secure tunnels. Vint also talked about the lack of authentication in today’s mobile market, a market that is quickly growing.

Click here for more information.