Some people have asked me why I can’t let it rest and have the whole story with my former employer forgotten and buried once and for all. Well, what would you do in case your employer (or former employer) isn’t paying you as stated in the employment agreement and causes a lot of trouble because of problems with health insurance and other things? What, if your former employer wouldn’t even reply to you ever, even to registered letters? What, if your former employer would tell you that the overtime, the flextime and the vacation that you had collected were suddenly void? What, if your former employer would have invalidated your key to the company premises and told the receptionists to not let you into the premises of the company by any means (talking about a so-called “business-hotel”)? What, if after such an incident the former employer told you that you left your work without being allowed a leave, while earlier having you given the oral and written permission? Does that sound like a professional relationship between employer and employee?
Continue reading ‘Why I can’t move on …’
Daily Archive for December 1st, 2007
Commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce commerce.
// Oliver 
Scientists have shown that the attack method devised against MD5 in 2004 is usable and can even trick code-signing tools into “believing” that the binary is the same.
We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.
(Quote from the linked page)
What are the implications? Well, the worst and foremost is, that an attacker can put malicious code under the disguise of a valid and trusted signature. As an example: an elaborate attack could use a driver signed by Microsoft, and his own rootkit to create a content that is indistinguishable by MD5 hash. Thus allowing the attacker to trick the victim into believing that the code was signed by Microsoft – which is ultimately trusted on most Windows systems by default.
// Oliver