National Satellites are they Hackable ...!

According to

" http://www.infiltrated.net/amishAttacks.html "

reported on 9th april

"Security experts are reporting today that Amish hackers equipped with reverse engineered VCIM's have hacked into Instar's vehicle satellite navigation systems and are extorting Instar."

while some witnessess were also reported saying

"It's horrible. I was headed down Main Street and my Garmin told me to turn right. 20 minutes later not only was I was late for my interview, I went from being in Colorado to driving down Fifth Avenue in New York City." stated a visibly shaken John McSmith.

The article which reports the incident also shows pictures of the INstar device showing altered text. Although the authenticity of such news is a question in in itself but IMHO it seems practical to a point that the hacked VCIM can change the behavior of that particular device but not the satellite transmission itself. I would be looking forward for the details if any are released from some reliable source.

MD5 Practically Attacked

Although MD5 was theoretically cracked in 2004 by Chinese professor Wang Xiaoyun its practical attack scenario was not shown to the world which was mainly in my opinion due to the complexity of the method and ongoing research to minimize processing and computational power required and therefore detecting collision was not thought a practical approach. MD5 has already been abandoned by the more security savvy organization as their preferred mean of calculating hashes and digitally signing them.

In 2008 researchers from different parts of world gathered again knowing that enough research has been done to practically present the threat to those still using this weak algorithm and worked on finding collision - different messages having same MD5 hash - on MD5 signed SSL certificates and finally succeeded by the end of the year 2008 to create a fake CA certificate issuer and prove the practical implementation of the attack. The irony of the situation is that despite of the fact that MD5 has been proven to contain weakness in its hashing mechanisms many renowned Root CA's still use it.

The researchers disclosed their work at the 25C3 conference in Berlin on the 30th of December by creating a fake ssl certificate signed by RapidSSL which the researchers thought was the weakest of all. VeriSign, the issuers of RapidSSL certificates stopped using MD5 as their checksum algorithm for RapidSSL once the vulnerability was announced

More details can be found on the links mentioned below. 25C3 has also released the videos of the presentation on their website.

• Detailed explanation
• Slides from the 25c3 presentation
• Demo site (set your system date to August 2004 before clicking)

Although the private key of this was not released due to the danger of being misused by phishers the method itself was elaborated to a point that this could be done in a lesser amount of time.