Some folk have asked me for more details about the DigiNotar breach after my brief appearance on Al Jazeera this morning. So here are the notes I prepared for the segment. Links at the bottom. Background: web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right company or organisation. A certificate allows a user to set up a secure connection between their computer and the organisation’s website. Browsers will show a little lock or some other icon to signify the certificate has been found and is trusted. Hackers broke into a Dutch company called DigiNotar, itself owned
Further to my rant yesterday about digital rights management, my friend Mark tells me that getting around the Coldplay X&Y copy protection is easy — just rip it on a Mac. He’s right, at least for me: Works like a dream, after no joy at all on two ThinkPads. This may not be true with all copies of the CD. I bought mine in Hong Kong in 2005, although it appears to be imported from Europe. A piece on ConsumerAffairs says the “CD’s restrictions also prevent it from being played or copied on Macintosh PCs.” Some folk reported problems playing it on their Macs. Hopefully
Ok, not the question on the tip of your tongue, but bear with me. Geoencryption, or geo-encryption, boils down to: How about if you could only access data when you’re at a certain spot? It’s not a new idea: the brains behind it, Dorothy Denning, a veteran of cryptology, has been talking about it for at least a decade. When people were last getting excited about it, in the wake of 9/11, it was all about movie studios being able to release films digitally, confident that only movie theaters could decrypt them, or coded messages to embassies that could only be deciphered within the building itself. Now
A bank in Chicago has banned use of cellphones in five of its branches, hoping to prevent the bad guys from communicating with each other during a robbery, according to UPI: “We ban cell phone use in the lobby because you don’t know what people are doing,” Ralph Oster, a senior vice president [of the First National Bank], told the Chicago Tribune. Cell phone cameras are also a worry. Oster said there have been holdups in which bandits were on the phone with lookouts outside while committing bank robberies. As the piece points out, this isn’t the first such ban: West Suburban Bank, based in
I started writing about phishing a long time ago, it seems now. It must be at least two years, I think, maybe more. Then it seemed a very obscure activity, and I can recall one editor being less than impressed with the whole issue. Now it’s bigger than even I thought it might be. [Insert some statistic here to illustrate size of problem, usually cobbled together by someone hoping to make money out of scaring people.] But it remains scary, because phishers are getting better. Don’t be taken in by the rather pathetic attempts that sometimes land in your inbox. Phishing — the art of
Further to my column about fingerprint biometric scanners (subscription only), I’ve heard from a company working on a different kind of biometric security: Via the bone. Last week, Mass.-based RSA Security Inc. (the guys who make the SecurID number tag, called ‘a two-factor user authentication system’ in the jargon) announced a joint research collaboration with Israel’s i-Mature, specialists in ‘online age recognition’. The two vow to bring together RSA Security’s cryptographic expertise and i-Mature’s Age-Group Recognition (AGR) technology to “work towards a unique solution that would genuinely improve the safety of the Internet for children, by enabling both adult and children’s sites to restrict their content
More on Alastair Rampell’s response to my privacy concerns about his new email monitoring service, didtheyreadit. (Here’s the first one.) I wondered how the email addresses harvested by Rampell would be used. (These would include all emails sent from and to recipients via the service, since, as far as I can understand it, didtheyreadit, unlike MSGTAG, would work by tagging the email address, not the email itself. This would involve collecting the email addresses of sender and recipient.) Alastair’s response: “We don’t harvest any e-mail addresses—I wasn’t sure to which e-mail addresses you are referring. We can send you e-mails to the account you register
Forget phishing for your passwords via dodgy emails. Just use Wi-Fi. Internet security company Secure Computing Corporation have today released a report prepared by security consultants Canola/Jones Internet Investigations which “documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks.” The full report is available (in PDF format) here. Posing as a business traveler, the author “found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information”. Wireless access points are especially vulnerable: “Tests conducted at an airport Internet cafe and at a popular chain of coffee
As if you didn’t know it already (and I’ve posted about this before), your Windows passwords are not safe. According to an article on TechExtreme, some Swiss researchers have published a paper detailing how to crack Windows computers protected by alphanumeric passwords in an average of 13.6 seconds. Their approach can crack 99.9 percent of all alphanumeric passwords in 13.6 seconds, against a previous 101 seconds. The bottom line: When you can, include non-alphanumeric characters in your password, such as a question mark or a plus sign.
Now your Microsoft Windows password can be cracked in 13.6 seconds, a vast improvement over the slow and tedious 101 seconds it took previously. An improved cryptanalytic method uses large amounts of memory–in this case, 1.4 GB–to speed its cracking of keys, says Security Wire Digest. I won’t bore you with how they did it. But the bottom line is that this attack doesn’t pose any practical threat, since only an administrator would be able to obtain the encrypted password needed to conduct the attack, and users can resist by using passwords that contain more than just letters and numbers.