Let me quote Bruce Schneier here, as I couldn't possibly express it any more clearly:
"SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing."
Apparently the research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have written a paper (which is not yet generally available) with more details on the attack.
If this really holds, this will surely have severe implications for the security and encryption world. It seems we're slowly running out of hash functions, as MD5 unfortunately has its own problems, too.
A nice article called Absolutely Del.icio.us - Complete Tool Collection over at Quick Online Tips That Work lists a lot of tools and frontends to del.icio.us which you might want to check out.
If you don't already know about del.icio.us, check out this beginner's guide to del.icio.us.
Have you ever wondered which are the oldest .com domains still registered today? Well, now you know.
Ok, the list is from whoisd.com which says "last updated 1/25/2003", but still. There are some interesting entries there, have a look.
Google plans to support the free online encyclopedia Wikipedia with servers and bandwidth.
Jimmy Wales, founder of the Wikipedia, has talked to Sergey Brin and Larry Page (the founders of Google) already, and a discussion between them and the Wikimedia Foundation on a private IRC channel is planned.
The offer is said to be with no strings attached, i.e. Wikipedia doesn't have to place Google AdWords in their pages in return.
This will surely raise quite a heated debate, as many might fear that the Wikipedia will not remain independent anymore...
(via google-blog.dirson.com and Golem)
An email from the admin group has reached me (and presumably all students and researchers at the Computer Science department of the Technical University of Munich) today at 14:10 CET.
According to their information almost all computers in the department (Linux boxes on Intel, SunOS/Solaris on SPARCs and several other architectures and OSes, I guess) have been compromised.
Someone seems to have retrieved the shadow file(s) with the encrypted user passwords. Two cases have already become known where private user data was accessed using cracked passwords, presumably from the stolen shadow file(s).
Students and researchers are advised to change their passwords as soon as possible. This also affects email, as the same password is used for IMAP/POP3 at the department. Also, one should check all computers, websites etc. where one can log in without supplying a password, as those might be compromised, too.
As a preventive measure, user accounts are now handled via LDAP, and user accounts where the password isn't changed soon will be disabled.
As of now, there's no information available on how the attackers got hold of the shadow file(s), i.e. which vulnerability in which service they exploited etc.
Update: The whole announcement of the admin group is now available from http://wwwrbg.in.tum.de/passwort_aendern.html (German).