DigiNotar Breach Notes

Some folk have asked me for more details about the DigiNotar breach after my brief appearance on Al Jazeera this morning. So here are the notes I prepared for the segment. Links at the bottom. Background: web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right company or organisation. A certificate allows a user to set up a secure connection between their computer and the organisation’s website. Browsers will show a little lock or some other icon to signify that the certificate has been found and is trusted. Hackers broke into a Dutch company called DigiNotar, itself owned…

Foiling EMI

Further to my rant yesterday about digital rights management, my friend Mark tells me that getting around the Coldplay X&Y copy protection is easy — just rip it on a Mac. He’s right, at least for me: it works like a dream, after no joy at all on two ThinkPads. This may not be true of all copies of the CD. I bought mine in Hong Kong in 2005, although it appears to be imported from Europe. A piece on ConsumerAffairs says the “CD’s restrictions also prevent it from being played or copied on Macintosh PCs.” Some folk reported problems playing it on their Macs. Hopefully…

Whatever Happened to Geo-encryption?

OK, not the question on the tip of your tongue, but bear with me. Geoencryption, or geo-encryption, boils down to this: how about if you could only access data when you’re at a certain spot? It’s not a new idea: the brains behind it, Dorothy Denning, a veteran of cryptology, has been talking about it for at least a decade. When people were last getting excited about it, in the wake of 9/11, it was all about movie studios being able to release films digitally, confident that only movie theaters could decrypt them, or coded messages to embassies that could only be deciphered within the building itself. Now…

Hang On, I’m Just Calling My Getaway Car

A bank in Chicago has banned the use of cellphones in five of its branches, hoping to prevent the bad guys from communicating with each other during a robbery, according to UPI: “We ban cell phone use in the lobby because you don’t know what people are doing,” Ralph Oster, a senior vice president [of the First National Bank], told the Chicago Tribune. Cell phone cameras are also a worry. Oster said there have been holdups in which bandits were on the phone with lookouts outside while committing bank robberies. As the piece points out, this isn’t the first such ban: West Suburban Bank, based in…

Biometrics Close To The Bone

Further to my column about fingerprint biometric scanners (subscription only), I’ve heard from a company working on a different kind of biometric security: via the bone. Last week, Mass.-based RSA Security Inc. (the guys who make the SecurID number tag, called ‘a two-factor user authentication system’ in the jargon) announced a joint research collaboration with Israel’s i-Mature, specialists in ‘online age recognition’. The two vow to bring together RSA Security’s cryptographic expertise and i-Mature’s Age-Group Recognition (AGR) technology to “work towards a unique solution that would genuinely improve the safety of the Internet for children, by enabling both adult and children’s sites to restrict their content…

Didtheyreadit’s Response To Privacy Issues Part II

More on Alastair Rampell’s response to my privacy concerns about his new email monitoring service, didtheyreadit. (Here’s the first one.) I wondered how the email addresses harvested by Rampell would be used (these would include all emails sent from and to recipients via the service since, as far as I can understand it, didtheyreadit, unlike MSGTAG, would work by tagging the email address, not the email itself; this would involve collecting the email addresses of sender and recipient). Alastair’s response: “We don’t harvest any e-mail addresses—I wasn’t sure to which e-mail addresses you are referring. We can send you e-mails to the account you register…

Going Public With Sensitive Data

Forget phishing for your passwords via dodgy emails. Just use Wi-Fi. Internet security company Secure Computing Corporation has today released a report prepared by security consultants Canola/Jones Internet Investigations which “documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks.” The full report is available (in PDF format) here. Posing as a business traveler, the author “found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information”. Wireless access points are especially vulnerable: “Tests conducted at an airport Internet cafe and at a popular chain of coffee…

News: Beware The Password

As if you didn’t know it already (and I’ve posted about this before), your Windows passwords are not safe. According to an article on TechExtreme, some Swiss researchers have published a paper detailing how to crack Windows computers protected by alphanumeric passwords in an average of 13.6 seconds. Their approach can crack 99.9 percent of all alphanumeric passwords in 13.6 seconds, against a previous 101 seconds. The bottom line: when you can, include non-alphanumeric characters in your password, such as a question mark or a plus sign.

News: Cracking a Password is Fast

Now your Microsoft Windows password can be cracked in 13.6 seconds, a vast improvement over the slow and tedious 101 seconds it took previously. An improved cryptanalytic method uses large amounts of memory (in this case, 1.4 GB) to speed up its cracking of keys, says Security Wire Digest. I won’t bore you with how they did it. But the bottom line is that this attack doesn’t pose any practical threat, since only an administrator would be able to access the encrypted password needed to conduct the attack, and users can resist by using passwords that contain more than just letters and numbers.