SoylentNews

Microsoft Kills SHA-1 Support in Edge, Internet Explorer 11

posted by mrpg on Saturday May 13 2017, @07:27AM   
from the c80eab5af3a3b8ab69c0e3a3d444540f2d740c76 dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

"Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and to display an invalid certificate warning," the company announced.

The change, however, impacts only SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1. This means that enterprises or self-signed SHA-1 certificates won't be affected by this. They are, however, encouraged to migrate to SHA-2 based certificates as fast as possible.

"Microsoft recommends that all customers migrate to SHA-2, and the use of SHA-1 as a hashing algorithm for signing purposes is discouraged and is no longer a best practice. The root cause of the problem is a known weakness of the SHA-1 hashing algorithm that exposes it to collision attacks. Such attacks could allow an attacker to generate additional certificates that have the same digital signature as an original," the company notes.

Source: Microsoft Kills SHA-1 Support in Edge, Internet Explorer 11

---

Original Submission

• Re:(lazzy editing) Re:(lazzy editing) (Score: 0) by Anonymous Coward on Saturday May 13 2017, @11:33AM (11 children)

  by Anonymous Coward on Saturday May 13 2017, @11:33AM (#509093)

  You think we have Eidtors on Duty? How quaint.

  We don't? How queer!

  Often they even have to go find the damned things first. Which, come to think of it, is pretty damned sad when there are more than twenty thousand times that many people visiting the site on any given weekday.

  And you don't see any problem when the soylents actually submit breaking-news stories and those stories lag until they are no longer breaking, not even news.
  What a great motivation for submitting stories, right?

  Also, and let me be very clear on this, we are not a news reporting site. We are a news aggregation

  Heaps of links to breaking news to be aggregated into a story, go check the pending queue.

  If we notice it's both important and time sensitive, we'll push it out quickly as breaking news but Yet Another Tedious Exploitation does not warrant that unless A) the attack is severe B) ongoing C) TFA has mitigation information and D) it doesn't primarily affect people who utterly did not give a damn about securing their shat.

  Right, 100 countries affected is not severe, is it now?
  Chaos in the UK medical system, with ambulances diverted [cnbc.com], is not threatening, just a usual fact of life on countries other-that-the-mighty-US.

  Maybe you don't give a shit about people not giving a shit about security.
  How would you feel if your open heart surgery that you need is cancelled [ft.com] because of a ransomware attack perpetrated with NSA tools [forbes.com]?
  Sure those surgeons should drop everything they're doing, secure those damn'd WindowXP-es and let Jeremy Cunt sleep well after cancelling a pricey support package in 2015 as a cost-saving measure. [theregister.co.uk]. Cost saving and "starve the beast" is a so trivial fact of life it doesn't worth discussing.

  Finally, abusing editors is my job, thank you very much, and I'll appreciate you not horning in on it.

  You can continue to abuse them whenever/whatever you like.
  Me?... I'm only exercising my right to free-speech, I hope you won't object to that.
  Oh, my speech actually abused the editors? Sorry, I though that TMB knows better than to select special snowflakes as editors.

  (large trollish grin. Thanks for the fun!).

  PS - are you sure soylenters still don't have enough to discuss even with the links I posted in this reply?

  Parent

• Re:(lazzy editing) Re:(lazzy editing) (Score: 2) by takyon on Saturday May 13 2017, @11:40AM (1 child)

  by takyon (881) <takyonNO@SPAMsoylentnews.org> on Saturday May 13 2017, @11:40AM (#509094) Journal

  It will run in 2 hours. You can drop it already.

  --
  [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]

  Parent

  • Re:(lazzy editing) (Score: 2) by c0lo on Saturday May 13 2017, @01:20PM

    by c0lo (156) on Saturday May 13 2017, @01:20PM (#509132) Journal

    You can drop it already.

    Oh, don't take it so serious.
    Be honest, admit it. If not for me trolling this FA, you'd have a blank page here.
    And I wasn't even outrageous in my trolling.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

    Parent

• Re:(lazzy editing) Re:(lazzy editing) (Score: 2) by The Mighty Buzzard on Saturday May 13 2017, @11:52AM (7 children)

  by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Saturday May 13 2017, @11:52AM (#509099) Homepage Journal

  How would you feel if your open heart surgery that you need is cancelled because of a ransomware attack perpetrated with NSA tools?

  I'd feel pretty damned good about it. Maybe the bastards will secure their shit now. This is one of the best possible things anyone could have done to all affected; make them open their wallet.

  --
  My rights don't end where your fear begins.

  Parent

  • Re:(lazzy editing) Re:(lazzy editing) (Score: 0) by Anonymous Coward on Saturday May 13 2017, @01:15PM (6 children)

    by Anonymous Coward on Saturday May 13 2017, @01:15PM (#509131)

    Maybe the bastards will secure their shit now.

    Yeah.
    Perhaps asking for the same volunteering spirit (and speed) as for SN editors will get them to install a Linux or a BSD on those machines, 'cause there's no money in UK's health budget to upgrade from WinXP.

    (grin)

    Parent

    • Re:(lazzy editing) Re:(lazzy editing) (Score: 2) by The Mighty Buzzard on Saturday May 13 2017, @01:29PM (5 children)

      by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Saturday May 13 2017, @01:29PM (#509133) Homepage Journal

      Is there money to pay the ransom?

      --
      My rights don't end where your fear begins.

      Parent

      • Re:(lazzy editing) Re:(lazzy editing) (Score: 2) by c0lo on Saturday May 13 2017, @02:53PM (4 children)

        by c0lo (156) on Saturday May 13 2017, @02:53PM (#509169) Journal

        Funny enough.], it seems like paying the ransom once is cheaper in this case.
        That is... if you don't take into account the cost of the chaos; but who in her/his full mind would look into those costs? The path to freedom (or death) is capitalism, and everybody knows the capitalism is about privatizing the profit and socializing the cost/risk.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

        Parent

        • Re:(lazzy editing) Re:(lazzy editing) (Score: 2) by The Mighty Buzzard on Saturday May 13 2017, @03:36PM (3 children)

          by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Saturday May 13 2017, @03:36PM (#509182) Homepage Journal

          Only if you're either scum or a socialist. But I repeat myself.

          --
          My rights don't end where your fear begins.

          Parent

          • Re:(lazzy editing) Re:(lazzy editing) (Score: 1) by Scruffy Beard 2 on Saturday May 13 2017, @04:03PM (1 child)

            by Scruffy Beard 2 (6030) on Saturday May 13 2017, @04:03PM (#509190)

            Your're not saying that only scum or Socialists understand Capitalism, are you?

            Parent

            • Re:(lazzy editing) (Score: 2) by The Mighty Buzzard on Saturday May 13 2017, @04:37PM

              by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Saturday May 13 2017, @04:37PM (#509202) Homepage Journal

              No, I'm saying only they misunderstand it in that particular way.

              --
              My rights don't end where your fear begins.

              Parent

          • Re:(lazzy editing) (Score: 2) by c0lo on Saturday May 13 2017, @10:02PM

            by c0lo (156) on Saturday May 13 2017, @10:02PM (#509266) Journal

            Only if you're either scum or a socialist. But I repeat myself.

            Well, I'm redunduntly both, you'll have to live with it.
            But I don't worry, you'll manage fine. A thick rind is all you need.

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

            Parent

• Re:(lazzy editing) (Score: 2) by NotSanguine on Sunday May 14 2017, @05:01AM

  by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Sunday May 14 2017, @05:01AM (#509358) Homepage Journal

  Maybe you don't give a shit about people not giving a shit about security.
  How would you feel if your open heart surgery that you need is cancelled [ft.com] because of a ransomware attack perpetrated with NSA tools [forbes.com]?
  Sure those surgeons should drop everything they're doing, secure those damn'd WindowXP-es and let Jeremy Cunt sleep well after cancelling a pricey support package in 2015 as a cost-saving measure. [theregister.co.uk]. Cost saving and "starve the beast" is a so trivial fact of life it doesn't worth discussing.

  And because SoylentNews didn't run this story on your timeline, SN is responsible for any deaths from a lack of open heart surgery, right?

  Is that your beef? Or are you just annoyed that you don't control the order in which stories are posted?

  --
  No, no, you're not thinking; you're just being logical. --Niels Bohr

  Parent