<snip> >On 21/09/12 20:51, Albert-Jan Roskam wrote: >> Hi, >> >> My company just started application whitelisting. Now a new version of >>a (benign!!) dll does not work as it (or rather, its file hash, if I >>understood it correctly) is not whitelisted. > >Then get it whitelisted. If your company doesn't have the ability to >update the whitelist when your software updates, it's even more stupid >than it seems.
You are right, I should treat it like any other update. What I hate is the amount of paperwork and time involved. <snip> >It's worse than that. If the application whitelist is using md5 (and wanna >bet that at least 50% of the commercial whitelist software out there is?), >then it is already broken. An attacker can easily take an arbitrary >application, and generate a new application with the same MD5 sum and the >same length, differing by 128 bytes. > >http://www.mscs.dal.ca/~selinger/md5collision/ > Very interesting indeed! I noticed that the link to the original article was broken. This one works: http://www.infosec.sdu.edu.cn/uploadfile/papers/How%20to%20Break%20MD5%20and%20Other%20Hash%20Functions.pdf "In this paper we described a powerful attack against hash functions, and in particular showed that finding a collision of MD5 is easily feasible. Our attack is also able to break efficiently other hash functions, such as HAVAL-128, MD4, RIPEMD, and SHA-0." <snip> _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
