Cody Taylor

gurps_npc writes “Forensics Innovations claims to have for sale a product that detects headerless encrypted files, such as TrueCrypt Dynamic files. It does not decrypt the file, just tells you that it is in fact an encrypted file. It works by detecting hidden patterns that don’t exist in a random file. It does not mention stenography, but if their claim is true, it seems that it should be capable of detecting stenographic information as well.”

Read more of this story at Slashdot.

iago-vL writes “Despite having their domain blacklisted by Conficker, the folks at Nmap have released version 4.85BETA8, which promises better detection of the Conficker worm. How? By talking to it on its own peer-to-peer network! By sending encrypted messages to a suspect host, the tools will get Conficker.C and higher to reveal itself. This curious case of using Conficker’s own tricks to find it is similar to the last method that we discussed. More information from the author is available, as well as a download for the new release (or, if you’re a Conficker refugee, try a mirror instead).”

Read more of this story at Slashdot.

An anonymous reader asks “Is there a solution for online storage of encrypted data providing encrypted search and similar functions over the encrypted data? Is there an API/software/solution or even some online storage company providing this? I don’t like Google understanding all my unencrypted data, but I like that Google can search them when they are unencrypted. So I would like to have both: the online storage provider does not understand my data, but he can still help me with searching in them, and doing other useful stuff. I mean: I send to the remote server encrypted data and later an encrypted query (the server cannot decipher them), and the server sends me back a chunk of my encrypted data stored there — the result of my encrypted query. Or I ask for the directory structure of my encrypted data (somehow stored in my data too — like in a tar archive), and the server sends it back, without knowing that this encrypted chunk is the directory structure. I googled for this and found some papers, however no software and no online service providing this yet.” Can anyone point to an available implementation?

Read more of this story at Slashdot.

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: “According to the payment-card industry … standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer’s bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module’s application programming interface, or API. ‘Essentially, the thief tricks the HSM into providing the encryption key,’ says Sartin. ‘This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'”

Read more of this story at Slashdot.

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack,…

It looks like Hulu’s trying yet another ill-fated tactic to keep its content restricted to traditional browsers and off things like Boxxee — TunerFreeMCE’s Martin Millmore says Hulu’s HTML is now encrypted at the source and then decrypted using Javascript on the client…

Island Dog sends news that shortly after Valve showed off their new anti-piracy methods in Steamworks, Microsoft and Stardock were quick to demonstrate their new, similar technologies as well. All three companies are bending over backwards to say that this is not traditional DRM. Stardock (the company behind the Gamer’s Bill of Rights) calls their system Game Object Obfuscation (Goo), “a tool that allows developers to encapsulate their game executable into a container that includes the original executable plus Impulse Reactor, Stardock’s virtual platform, into a single encrypted file. When a player runs the game for the first time, the Goo’d program lets the user enter in their email address and serial number which associates their game to that person as opposed to a piece of hardware like most activation systems do. Once validated, the game never needs to connect to the Internet again.” Microsoft’s update to Games for Windows Live has similar protections. “You can sign in and play your game on as many systems as possible, but you have to have a license attached to your account. Of course, this only works for online games.”

Read more of this story at Slashdot.

The tracker is based on the same OpenTracker software that the Pirate Bay has been using for the last couple of years. “By using BitTorrent we can reach our audience with full quality, unencrypted media files. Experience from our early tests show that if we’re the best provider of our own content we also gain control of it.”

eirikso writes with an interesting story from Norway; the state broadcaster there has decided to put up some of its content on BitTorrent. “The tracker is based on the same OpenTracker software that the Pirate Bay has been using for the last couple of years. By using BitTorrent we can reach our audience with full quality, unencrypted media files. Experience from our early tests show that if we’re the best provider of our own content we also gain control of it.”

Read more of this story at Slashdot.

An anonymous reader writes “If you’re planning on traveling internationally with a laptop, consider the following: District Court Overturns Magistrate Judge in Fifth Amendment Encryption Case. Laptop searches at the border have been discussed many times previously. This is the case where a man entered the country allegedly carrying pornographic material in an encrypted file on his laptop. He initially cooperated with border agents during the search of the laptop then later decided not to cooperate citing the Fifth Amendment. Last year a magistrate judge ruled that compelling the man to enter his password would violate his Fifth Amendment right against self-incrimination. Now in a narrow ruling, US District Judge William K. Sessions III said the man had waived his right against self-incrimination when he initially cooperated with border agents.” sohp notes that “the order is not that he produce the key — just that he provide an unencrypted copy.”

Read more of this story at Slashdot.