Apr 29 2009

Australian Gov’t Offers $560k Cryptographic Protocol For Free

mask.of.sanity writes “Australia’s national welfare agency will release its ‘unbreakable’ AU$560,000 smart card identification protocol for free. The government agency wants other departments and commercial businesses to adopt the Protocol for Lightweight Authentication of ID (PLAID), which withstood three years of design and testing by Australian and American security agencies. The agency has one of Australia’s most advanced physical and logical converged security systems: staff can access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments. PLAID, which will be available soon, is to be used in the agency’s incoming fleet of contact-less smartcards that are currently under trial by staff. It will replace existing identity cards that operate on PKI encryption.”

Read more of this story at Slashdot.



Apr 24 2009

Obama To Get Secure BlackBerry 8830

CWmike writes “President Barack Obama is set to receive a high-security BlackBerry 8830 soon, The Washington Times reported today. The device is said to be in the final stages of development at the National Security Agency, which will check that its encryption software meets federal standards. It might not be ready for months. It was reported that Obama will be able to send text and e-mail messages and make phone calls on the device, but only to those with the secure software loaded on their own devices. The list includes First Lady Michelle Obama and top aides. The security software is made by Genesis Key, whose CEO, Steven Garrett, is quoted as saying: ‘We’re going to put his BlackBerry back in his hand.’ The Sectera Edge was pegged in January by analysts as the top device choice because of its reputation for secure data communications when used by other federal workers. And there are many reasons why Obama might have been told ‘no’ on his BlackBerry. But Obama may wish he had chosen a Sectera if BlackBerry has more outage problems like its latest last week, which meant no mobile e-mail for hours across the US.”

Read more of this story at Slashdot.


Apr 19 2009

Anonymous Network I2P 0.7.2 Released

Mathiasdm writes “The Invisible Internet Project, also known as I2P, has seen its 0.7.2 release (download). I2P uses multiple encryption layers, and routing through several other computers to hide both sender and receiver of messages. On top of the network, regular services such as mail, browsing, file sharing and chatting are supported. This release (and all of the releases since 0.7) is at the start of a new development period, in which the I2P developers wish to spread the word about the secure network. This new release includes performance improvements, a first edition of an experimental new desktop interface and security improvements (by limiting the number of tunnels a single peer can participate in).”

Read more of this story at Slashdot.


Apr 17 2009

Native Encryption Comes to Solid State Disks, Dell Laptops

Samsung announced the first line of consumer solid state drives for laptops and handhelds that encrypt all data written to them.


Apr 15 2009

Subverting PIN Encryption For Bank Cards

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: “According to the payment-card industry … standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer’s bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module’s application programming interface, or API. ‘Essentially, the thief tricks the HSM into providing the encryption key,’ says Sartin. ‘This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.’”

Read more of this story at Slashdot.


Mar 24 2009

HP’s Free Adobe Flash Vulnerability Scanner

Catalyst writes “SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities. The scan detects things like XSS, SQL inside of the Flash app, hard-coded authentication credentials, weak encryption, insecure function calls, cross-domain privilege escalation, and violations of Adobe’s security recommendations. There is also this video explaining a real, and amusing, attack against a Flash app. These issues are fairly widespread, with over 35% of SWF applications violating Adobe security advice.”

Read more of this story at Slashdot.


Mar 23 2009

Linux Kernel 2.6.29 Released

diegocgteleline.es writes “Linus Torvalds has released Linux 2.6.29. The new features include the inclusion of kernel graphic modesetting, WiMAX, access point Wi-Fi support, inclusion of squashfs and a preliminary version of btrfs, a more scalable version of RCU, eCryptfs filename encryption, ext4 no journal mode, OCFS2 metadata checksums, improvements to the memory controller, support for filesystem freeze, and other features. Here is the full list of changes.”

Read more of this story at Slashdot.


Mar 18 2009

The Emerging Science of DNA Cryptography

KentuckyFC writes “Since the mid 90s, researchers have been using DNA to carry out massively parallel calculations which threaten encryption schemes such as DES. Now one researcher says that if DNA can be used to attack encryption schemes, it can also protect data too. His idea is to exploit the way information is processed inside a cell to encrypt it. The information that DNA holds is processed in two stages in a cell. In the first stage, called transcription, a DNA segment that constitutes a gene is converted into messenger RNA (mRNA) which floats out of the nucleus and into the body of the cell. Crucially, this happens only after the noncoding parts of the gene have been removed and the remaining sequences spliced back together.” (More below.)

Read more of this story at Slashdot.


Mar 18 2009

EPIC Urges FTC To Investigate Google Services

snydeq writes “The Electronic Privacy Information Center filed a 15-page complaint asking the FTC to force Google to stop offering online services that collect data until the presence of adequate privacy safeguards is verified. The EPIC also wants Google to disclose all data loss or breach incidents, citing several incidents where data held by Google was at risk, the most recent of which occurred earlier this month with its Google Docs. The EPIC complaint [PDF] also listed other security flaws in Gmail and Google Desktop, a desktop indexing program, and urged Google to donate million to a public fund that will support research into technologies such as encryption, data anonymization and mobile location privacy.” EPIC has raised privacy concerns about Google before, and about Windows XP as well.

Read more of this story at Slashdot.


Mar 18 2009

Amazon Sued Over E-Book DRM Patent

I Don’t Believe in Imaginary Property writes “Discovery Communications, the parent company of the Discovery Channel, is alleging that Amazon’s Kindle e-book reader infringes upon their patent for DRM-encumbered e-books (Discovery’s complaint, PDF). The patent in question was filed back in 1999 and issued in 2007 — coincidentally one day after Kindle 1.0 went on the market — and has claims for DRM implemented with a great many particular symmetric key ciphers and key exchange algorithms, (the patent has 171 claims). Unlike most software patents, this one goes into quite a lot of detail about how the encryption is to be performed. But it will still be interesting to see if it can pass the ‘machine or transformation’ test now that In Re Bilski is being accepted as precedent. After all, it seems like all of these encryption and e-book distribution schemes could be run on a general-purpose PC, so is the ‘invention’ actually tied to a ‘particular machine or apparatus’ just because an e-book ‘viewer’ (not to mention ‘home system’, ‘library’, and ‘kiosk’) happens to be specified in the patent’s claims? Or can the encryption of an e-book be claimed as some kind of ‘transformation’ when the law in that area is especially murky — when no one knows how In Re Bilski may affect the precedent of In Re Schrader?”

Read more of this story at Slashdot.
