DigiNotar Breach Notes

Some folk have asked me for more details about the DigiNotar breach after my brief appearance on Al Jazeera this morning. So here are the notes I prepared for the segment. Links at the bottom. Background: Web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right …

Foiling EMI

Further to my rant yesterday about digital rights management, my friend Mark tells me that getting around the Coldplay X&Y copy protection is easy — just rip it on a Mac. He’s right, at least for me: Works like a dream, after no joy at all on two ThinkPads. This may not be true with …

Whatever Happened to Geo-encryption?

Ok, not the question on the tip of your tongue, but bear with me. Geoencryption, or geo-encryption, boils down to: How about if you could only access data when you’re at a certain spot? It’s not a new idea: the brains behind it, Dorothy Denning, a veteran of cryptology, has been talking about it for …

Hang On, I’m Just Calling My Getaway Car

A bank in Chicago has banned use of cellphones in five of its branches, hoping to prevent the bad guys from communicating with each other during a robbery, according to UPI: “We ban cell phone use in the lobby because you don’t know what people are doing,” Ralph Oster, a senior vice president [of the …

Biometrics Close To The Bone

Further to my column about fingerprint biometric scanners (subscription only), I’ve heard from a company working on a different kind of biometric security: Via the bone. Last week, Mass.-based RSA Security Inc. (the guys who make the SecurID number tag, called ‘a two-factor user authentication system’ in the jargon) announced a joint research collaboration with …

Didtheyreadit’s Response To Privacy Issues Part II

More on Alastair Rampell’s response to my privacy concerns about his new email monitoring service, didtheyreadit. (Here’s the first one.) I wondered how the email addresses harvested by Rampell would be used (These would include all emails sent from and to recipients via the service since as far as I can understand it didtheyreadit, unlike …

Going Public With Sensitive Data

Forget phishing for your passwords via dodgy emails. Just use Wi-Fi. Internet security company Secure Computing Corporation have today released a report prepared by security consultants Canola/Jones Internet Investigations which “documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks.” The full …

News: Beware The Password

As if you didn’t know it already (and I’ve posted about this before), your Windows passwords are not safe. According to an article on TechExtreme, some Swiss researchers have published a paper detailing how to crack Windows computers protected by alphanumeric passwords in an average of 13.6 seconds. Their approach can crack 99.9 percent …

News: Cracking a Password is Fast

Now your Microsoft Windows password can be cracked in 13.6 seconds, a vast improvement over the slow and tedious 101 seconds it took previously. An improved cryptanalytic method uses large amounts of memory–in this case, 1.4 GB–to speed its cracking of keys, says Security Wire Digest. I won’t bore you with how they did it. …
