The SHA-1 hash function, touted for a few years as more secure than MD5, has
apparently been broken. What this means is that (assuming that the details check out), for any file (such as a digital signature) with a SHA-1 checksum, an attacker can create an alternative file with the same checksum in a sufficiently short time to make it practical. Which means that, with a modern computer, script kiddies, online fraudsters and others will soon be able to create genuine-looking digital signatures on demand. (via Techdirt)