|
Which news topic is most interesting to you?
| |
Viruses & Worms |
 | |
Safe Programming |
| |
Policies |
| |
General Security |
| |
Cryptography |
| |
Countermeasure |
| |
Corporate Security |
| View Results |
There is currently 0 registered member(s) and 4 guest(s) that are online.
|
|
|
Bringing Internet privacy into the 21st century
Posted by: ttye0 on April 02, 2010 10:22
|
[0 comment(s)]
[Submit Comment]
|
|
Finally, there's something Google and Microsoft can agree on: Our electronic privacy protections are in serious need of an overhaul. They, along with Intel, AOL, AT&T, the ACLU, and a dozen other household names, have formed the Digital Due Process coalition, aimed at urging Congress to modernize the Electronic Communications Privacy Act (ECPA) -- the only thing keeping Johnny Law from pawing through your digital life. The ECPA was passed into law in 1986. To put that in context, the first Notes From the Field columns appeared in print issues of InfoWorld that year, back when I was just a cub reporter. Ronald Reagan was still president, even if he may not have been aware of it at the time. The Web was still three years from being invented. The term "spam" still referred to canned luncheon meat, and a 300-baud modem represented a state-of-the-art Internet connection. Yet the ECPA is still the digital law of the land. It's a little like using statutes written for the horse and buggy era to govern the Autobahn....[more].
|
Researchers Claim RSA Authentication Crack
Posted by: ttye0 on March 04, 2010 13:31
|
[0 comment(s)]
[Submit Comment]
|
|
Researchers at the University of Michigan say they have uncovered a way to circumvent encryption used on many devices. The research is the work of Valeria Bertacco, Todd Austin and Andrea Pellegrini. According to their paper, entitled 'Fault-Based Attack of RSA Authentication' (PDF), the trio demonstrated a way to beat the popular encryption method, which is used in media players, laptop computers, smartphones and other devices. It is also used by retailers to secure customer information online.
The researchers found that by varying the voltage on a device it was possible to get their hands on the 'private key' needed to beat the security feature. Using what they described as an inexpensive device specially-built for the experiment, the trio manipulated the voltage and caused the computer to make small mistakes in its communications with other clients. This ultimately revealed small pieces of the private key, which they eventually used to reconstruct the key offline....[more].
|
Quick and easy Linux security
Posted by: ttye0 on February 10, 2010 13:04
|
[0 comment(s)]
[Submit Comment]
|
|
You’ve just set up your Linux desktop. Naturally you want it to be as secure as possible. You’ve heard the rumors that, out of the box, Linux has outstanding security. Is it true? Do you really want to take a chance with that? Most likely not. But what can you do? There are tons of firewall tools you can use (take a look at my article “Build a custom firewall with fwbuilder” for an example). But outside of setting up a firewall on your machine, what can you do to boost the security on your desktop? In this article you will learn some very simple steps you can take to help make your Linux desktop a bit more secure than “out of the box”. These steps can be done by any level of user, so don’t think you will be doing any recompiling or creating iptables chains....[more].
|
Free and Open Source Encryption Software
Posted by: ttye0 on January 19, 2010 09:07
|
[0 comment(s)]
[Submit Comment]
|
|
One of the best ways to protect sensitive computer data like credit card numbers and social security information is to use encryption software. Encryption software executes an algorithm that is designed to encrypt data in such a way that it cannot be recovered (decrypted) without access to the key. It is a main component of all aspects of file protection and computer communication. Files on hard drives and other removable media, email messages, and packets sent over computer networks can be made secure by encryption software....[more].
|
Is your secure USB flash drive really secure?
Posted by: ttye0 on January 12, 2010 14:07
|
[0 comment(s)]
[Submit Comment]
|
|
If you're like me, you've taken to carrying important data on USB sticks or flash drives. They're handy, you can use them on any PC, and with built-in encryption even if you lost them it was no big deal. Bad news: It's now a big deal. The German security company SySS GmbH discovered that many, but not all, of today's encrypted USB sticks and flash drives are actually vulnerable to a relatively easy attack. It is not that the encryption itself-usually AES (Advanced Encryption Standard) encryption--that has been broken. It hasn't been. Despite what you may have read from some fear-mongers, AES remains unbroken.
What has happened though is that it appears many vendors didn't think through how they let people use the encryption in the first place. When you use a new encrypted USB drive for the first time, the drive already has a default device password. When the device's software asks for you to enter a password, it places its device password on your computer to authorize your drive and your password. Once on the computer, SySS discovered that you could watch the password authorization process. ...[more].
|
SQL Injection Strings
Posted by: ttye0 on January 07, 2010 07:54
|
[0 comment(s)]
[Submit Comment]
|
|
SQL injection attacks are executed via front-end Web applications that don’t properly validate user input. This tutorial is not going to go into detail on why these string work but it will show you how you can form these SQL Injection Strings which can be used to hack any website....[more].
|
Code that encrypts world's GSM mobile phone calls is cracked
Posted by: ttye0 on December 29, 2009 13:54
|
[0 comment(s)]
[Submit Comment]
|
|
A German computer engineer said Monday that he had cracked the secret code used to encrypt most of the world’s mobile phone calls. In an attempt to expose holes in the security of global wireless systems, 28-year-old Karsten Nohl cracked the 21-year-old GSM algorithm, which is used to encrypt 80 percent of the world’s mobile calls, reports the New York Times. Nohl revealed his success at the Chaos Communication Congress in Berlin, Germany. He said that 24 people worked independently to reproduce the code book, or binary code log, for the algorithm, which contains the equivalent of about two terabytes of data....[more].
|
Chrome OS Security Overview
Posted by: ttye0 on November 25, 2009 11:37
|
[0 comment(s)]
[Submit Comment]
|
|
Google has put up a very interesting document explaining the security features underlying its Chrome OS. The document also details the underlying guiding principles of Chrome OS' security features. In short, it comes down to process isolation, secure auto-update, verified boot, encryption, and more. Google's goal was to make the system practically secure and easy to use. In order to achieve this goal, the team followed four guiding principles....[more].
|
Blog: Authentication Changes
Posted by: ttye0 on November 16, 2009 08:18
|
[0 comment(s)]
[Submit Comment]
|
|
There have been some changes to the code that handles user authentication and account information storage. If you are unable to login or reset your account password successfully please feel free to contact me. You will find a link on the left side of this page for contacting me.page for contacting me. [less]
|
How to DDOS a federal wiretap
Posted by: ttye0 on November 13, 2009 10:11
|
[0 comment(s)]
[Submit Comment]
|
|
Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago. Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack....[more].
|
|
|
"A competent and self-confident person is incapable of jealousy in anything. Jealousy is invariably a symptom of neurotic insecurity."
-Robert A. Heinlein
|
|
|
|
