This has a fairly crazy (but also dull) week as far as security things go. Here's a quick recap on the things I found the most interesting.
Who gets to define what malware is?
http://www.net-security.org/virus_news.php?id=857
Kaspersky Lab classified a program by a company named Zango as malware. Zango doesn't think their application is malware and sued Kaspersky. Kaspersky won the lawsuit, which is a great victory for the world of antivirus. This creates an rather unique question though. What is malware? Who gets to define it? No doubt to most people the answer to this question is rather obvious, but there are quite a number of companies who have questionable behavior.
Hack in the box
Two stories stood out this week:
NSA@home (DIY shared FPGA cracker)
Student, prof build budget supercomputer
These two stories lend themselves to an issue that quite a large number of people either like to ignore, or don't think about. Secrets today, are easily broken tomorrow. SHA-1 is a fairly new hashing algorithm and was though to be somewhat robust. This puts it in the same doghouse MD5 now lives in. It's only a matter of time before today's super computer will be available in a $5 calculator you can purchase in the checkout line. This means that while a 2048 bit key is great today, the neighbor kids will be able to crack our PGP mails in under an hour eventually. Sadly there isn't really a good answer to this problem other than ensuring that whatever you try to keep secret will be worthless information in 20 years.
