|
Which news topic is most interesting to you?
| |
Viruses & Worms |
 | |
Safe Programming |
| |
Policies |
| |
General Security |
| |
Cryptography |
| |
Countermeasure |
| |
Corporate Security |
| View Results |
There is currently 0 registered member(s) and 1 guest(s) that are online.
|
|
|
Researchers Claim RSA Authentication Crack
Posted by: ttye0 on March 04, 2010 13:31
|
[0 comment(s)]
[Submit Comment]
|
|
Researchers at the University of Michigan say they have uncovered a way to circumvent encryption used on many devices. The research is the work of Valeria Bertacco, Todd Austin and Andrea Pellegrini. According to their paper, entitled 'Fault-Based Attack of RSA Authentication' (PDF), the trio demonstrated a way to beat the popular encryption method, which is used in media players, laptop computers, smartphones and other devices. It is also used by retailers to secure customer information online.
The researchers found that by varying the voltage on a device it was possible to get their hands on the 'private key' needed to beat the security feature. Using what they described as an inexpensive device specially-built for the experiment, the trio manipulated the voltage and caused the computer to make small mistakes in its communications with other clients. This ultimately revealed small pieces of the private key, which they eventually used to reconstruct the key offline....[more].
|
Quick and easy Linux security
Posted by: ttye0 on February 10, 2010 13:04
|
[0 comment(s)]
[Submit Comment]
|
|
You’ve just set up your Linux desktop. Naturally you want it to be as secure as possible. You’ve heard the rumors that, out of the box, Linux has outstanding security. Is it true? Do you really want to take a chance with that? Most likely not. But what can you do? There are tons of firewall tools you can use (take a look at my article “Build a custom firewall with fwbuilder” for an example). But outside of setting up a firewall on your machine, what can you do to boost the security on your desktop? In this article you will learn some very simple steps you can take to help make your Linux desktop a bit more secure than “out of the box”. These steps can be done by any level of user, so don’t think you will be doing any recompiling or creating iptables chains....[more].
|
Free and Open Source Encryption Software
Posted by: ttye0 on January 19, 2010 09:07
|
[0 comment(s)]
[Submit Comment]
|
|
One of the best ways to protect sensitive computer data like credit card numbers and social security information is to use encryption software. Encryption software executes an algorithm that is designed to encrypt data in such a way that it cannot be recovered (decrypted) without access to the key. It is a main component of all aspects of file protection and computer communication. Files on hard drives and other removable media, email messages, and packets sent over computer networks can be made secure by encryption software....[more].
|
Is your secure USB flash drive really secure?
Posted by: ttye0 on January 12, 2010 14:07
|
[0 comment(s)]
[Submit Comment]
|
|
If you're like me, you've taken to carrying important data on USB sticks or flash drives. They're handy, you can use them on any PC, and with built-in encryption even if you lost them it was no big deal. Bad news: It's now a big deal. The German security company SySS GmbH discovered that many, but not all, of today's encrypted USB sticks and flash drives are actually vulnerable to a relatively easy attack. It is not that the encryption itself-usually AES (Advanced Encryption Standard) encryption--that has been broken. It hasn't been. Despite what you may have read from some fear-mongers, AES remains unbroken.
What has happened though is that it appears many vendors didn't think through how they let people use the encryption in the first place. When you use a new encrypted USB drive for the first time, the drive already has a default device password. When the device's software asks for you to enter a password, it places its device password on your computer to authorize your drive and your password. Once on the computer, SySS discovered that you could watch the password authorization process. ...[more].
|
SQL Injection Strings
Posted by: ttye0 on January 07, 2010 07:54
|
[0 comment(s)]
[Submit Comment]
|
|
SQL injection attacks are executed via front-end Web applications that don’t properly validate user input. This tutorial is not going to go into detail on why these string work but it will show you how you can form these SQL Injection Strings which can be used to hack any website....[more].
|
Code that encrypts world's GSM mobile phone calls is cracked
Posted by: ttye0 on December 29, 2009 13:54
|
[0 comment(s)]
[Submit Comment]
|
|
A German computer engineer said Monday that he had cracked the secret code used to encrypt most of the world’s mobile phone calls. In an attempt to expose holes in the security of global wireless systems, 28-year-old Karsten Nohl cracked the 21-year-old GSM algorithm, which is used to encrypt 80 percent of the world’s mobile calls, reports the New York Times. Nohl revealed his success at the Chaos Communication Congress in Berlin, Germany. He said that 24 people worked independently to reproduce the code book, or binary code log, for the algorithm, which contains the equivalent of about two terabytes of data....[more].
|
Chrome OS Security Overview
Posted by: ttye0 on November 25, 2009 11:37
|
[0 comment(s)]
[Submit Comment]
|
|
Google has put up a very interesting document explaining the security features underlying its Chrome OS. The document also details the underlying guiding principles of Chrome OS' security features. In short, it comes down to process isolation, secure auto-update, verified boot, encryption, and more. Google's goal was to make the system practically secure and easy to use. In order to achieve this goal, the team followed four guiding principles....[more].
|
Blog: Authentication Changes
Posted by: ttye0 on November 16, 2009 08:18
|
[0 comment(s)]
[Submit Comment]
|
|
There have been some changes to the code that handles user authentication and account information storage. If you are unable to login or reset your account password successfully please feel free to contact me. You will find a link on the left side of this page for contacting me.page for contacting me. [less]
|
How to DDOS a federal wiretap
Posted by: ttye0 on November 13, 2009 10:11
|
[0 comment(s)]
[Submit Comment]
|
|
Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago. Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack....[more].
|
An important Linux fix
Posted by: ttye0 on November 09, 2009 11:32
|
[0 comment(s)]
[Submit Comment]
|
|
Most of the time you can go for months, years, without patching your Linux distribution and not be in any real danger. A recently uncovered security hole in the Linux kernel does deserve your attention. Specifically, Earl Chew, a Linux developer, and, at about the same time, Brad Spengler, creator of the Linux security program Grsecurity, discovered that there was a possible null pointer error that could, in theory, enable non-root users grab administrator privileges. You don't want that to happen. This particular bug, known in developer circles as CVE-2009-3547, hits all modern versions of the Linux 2.6 kernel It's been fixed in the upcoming 2.6.32 RC (release candidate), but unless you're running on Linux's bleeding edge, you're not running that version of the kernel....[more].
|
|
|
