It looks like SHA-1 has been further broken, allowing the attacker to choose some of the text in the collision.

"Cryptographic experts at the Crypto 2006 conference have demonstrated a modified method of attack against a reduced variant of the SHA-1 hash algorithm. The new method is an attack which, for the first time, allows at least a part of the message to be freely selected, for example as straight text. Previous approaches, for example the collision attack by Xiaoyun Wang and her team, which attracted considerable attention, were merely able to produce almost completely different hash twins of the same length, both consisting of meaningless gibberish."

SHA-1 hash function under pressure

The House Committee on the Judiciary today approved the Internet Freedom and Nondiscrimination Act (HR 5417) in a vote of 20-12. This particular 'Net neutrality bill would make it an antitrust violation to "block impair, discriminate or interfere with anyone’s services or applications or content," but the bill also addresses service improvements on top of the status quo. If a provider were to offer increase VoIP performance, for instance, the bill would require such providers to prioritize or offer enhanced quality of service "to all data of that type... without imposing a surcharge or other consideration for such prioritization or enhances quality of service."

This bill will die very quickly, I think. I'd like to be optimistic, but I just don't see something like this having any chance of passing.

Strict Net neutrality passes House Committee, but fate is rather uncertain

Lamar Smith has a nack for writing bills that I hate, but this rule change is baddly needed and I support it.

Chairman Lamar Smith (TX-21) today introduced the “Orphan Works Act of 2006” (H.R. 5439), which creates new guidelines for use of copyrighted material when the original owner cannot be located.

©opyBites: Copyright Law Blog: Orphan Works Legislation

The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts.

The powers are contained within Part 3 of the Regulation of Investigatory Powers Act (RIPA). RIPA was introduced in 2000, but the government has held back from bringing Part 3 into effect. Now, more than five years after the original act was passed, the Home Office is seeking to exercise the powers within Part Three of RIPA.

UK Government to force handover of encryption keys

Reshef's Silicon Valley company, Blue Security Inc., simply asked the spammers to stop sending junk e-mail to his clients. But because those sort of requests tend to be ignored, Blue Security took them to a new level: it bombarded the spammers with requests from all 522,000 of its customers at the same time.

That led to a flood of Internet traffic so heavy that it disrupted the spammers' ability to send e-mails to other victims -- a crippling effect that caused a handful of known spammers to comply with the requests.

Then, earlier this month, a Russia-based spammer counterattacked, Reshef said. Using tens of thousands of hijacked computers, the spammer flooded Blue Security with so much Internet traffic that it blocked legitimate visitors from going to Bluesecurity.com, as well as to other Web sites. The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.

Today, Reshef will wave a virtual white flag and surrender. The company will shut down this morning and its Web site will display a message informing its customers about the closure.

In the Fight Against Spam E-Mail, Goliath Wins Again

Blackbox Voting has released a report claiming security flaws in TSx/TS6 Diebold machines. The report is, quite understandable, extremely light on details. http://www.freedom-to-tinker.com has a blog post about this as well.

Diebold TSx Evaluation

A remarkably unacceptable treaty proposal is currently being pushed through the U.N. World Intellectual Property Organization's Standing Committee on Copyright and Related Rights, seemingly concieved by the RIAA and MPAA and backed by traditional old-line media businesses. The Broadcasting Treaty, currently undergoing review at a UN convention in Geneva, Switzerland, contains passages that would severely restrict the concepts of fair use and freedom of speech—on a global level. IP Watch has an excellent overview of the issues:

UN Broadcasting Treaty seen as severely limiting essential freedoms

Cameron Wilson at the USACM Policy Blog writes about a Cato Institute event about copyright policy, which was held Wednesday. The panel on the DMCA was especially interesting. (audio download; audio stream; video stream)

Copyright policy event @ cato

Last week, Attorney General Alberto Gonzales, a Republican, gave a speech saying that data retention by Internet service providers is an "issue that must be addressed." Child pornography investigations have been "hampered" because data may be routinely deleted, Gonzales warned.

Now, in a demonstration of bipartisan unity, a Democratic member of the Congressional Internet Caucus is preparing to introduce an amendment--perhaps during a U.S. House of Representatives floor vote next week--that would make such data deletion illegal.

Colorado Rep. Diana DeGette's proposal (click for PDF) says that any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could not be discarded until at least one year after the user's account was closed.

Congress may consider mandatory ISP snooping

SAN FRANCISCO, April 28 — The government asked a federal judge here Friday to dismiss a civil liberties lawsuit against the AT&T Corporation because of a possibility that military and state secrets would otherwise be disclosed.

U.S. Steps Into Wiretap Suit Against AT&T