Author Topic: Subversion Repositories Affected After Devs Tried to Add SHA-1 Test to Project  (Read 37 times)

0 Members and 1 Guest are viewing this topic.

Offline Quizmaster

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Posts: 23301
    • Smokey's Security Forums
  • .: Surf Queen
Subversion Repositories Affected After Devs Tried to Add SHA-1 Test to Project
« Reply #1 on: February 27, 2017, 04:53:52 PM »
Subversion Repositories Affected After Devs Tried to Add SHA-1 Test to Project
27 February 2017, 3:52 pm

Google managed to put in practice the first SHA1 collision attack, and problems are already being reported after the devs of the WebKit browser engine broke their Subversion (SVN) source code repository. 

The severe problems were noticed after attempting to add a test for the SHA-1 collision to the project, which caused the SVN repository to become corrupted before preventing further commits. 

It wasn't long after that when a Google update to the SHAttered website appeared to warn SVN users of the risks. Apache Subversion devs created a tool designed to prevent PDF files such as the ones Google managed to create from being committed. 

"Please exercise care, as SHA-1 colliding files are currently breaking SVN repositories. Subversion servers use SHA-1 for deduplication and repositories become corrupted when two colliding files are committed to the repository. This has been discovered in WebKit's Subversion repository and independ... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<

 


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques



Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks