Items Tagged with "Encryption"
From the Web
Cloud Based Wireless Cracking Services
December 15, 2009 from: AEON Security Blog
Security researchers are leveraging cloud computing to crack WPA wireless passwords at a cost and we’re wondering what other nefarious deeds are being done via cloud computing that we’ve never heard about. To be fair about this, for starters if you take notice of PC World’s title for the article, “New Cloud-based Service Steals Wi-Fi Passwords” it’s completely w...
From the Web
The Security Implications of Windows Volume Shadow Copy
December 02, 2009 from: hackyourself.net
Suppose you decide to protect one of your documents from prying eyes. First, you create an encrypted copy using an encryption application. Then, you "wipe" (or "secure-delete") the original document, which consists of overwriting it several times and deleting it. (This is necessary, because if you just deleted the document without overwriting it, all the data that was in the file would physically ...
From the Web
"Evil Maid" Attacks on Encrypted Hard Drives
October 23, 2009 from: hackyourself.net
Earlier this month, Joanna Rutkowska implemented the "evil maid" attack against TrueCrypt. The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. Basically, the attack works like this:
Where are the DBAs?
October 07, 2009 Added by: Michael Menefee
What I really want to know is this: Where are the Database Admins (DBAs) these days? I can't tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.
From the Web
Highmark changes its procedures in wake of BCBS breach
October 07, 2009 from: Office of Inadequate Security
that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.
From the Web
Visa releases End to End Best Practices! Big Kudos!!
October 06, 2009 from: hackyourself.net
Visa, always leading the charge for the card brands, has just released a new document on Data Field Encryption. Visa’s Best Practices document, known as Data Field Encryption Version 1.0 is intended to provide guidance for companies building end to end (or point to point) encryption solutions.
From the Web
The Doghouse: Crypteto
September 30, 2009 from: hackyourself.net
The most important issue of any encryption product is the 'bit key strength'. To date the strongest known algorithm has a 448-bit key. Crypteto now offers a 49,152-bit key. This means that for every extra 1 bit increase that Crypteto has over its competition makes it 100% stronger. The security and privacy this offers is staggering.
From the Web
Breaking Vanish: A Story of Security Research in Action
September 29, 2009 from: hackyourself.net
Today, seven colleagues and I released a new paper, "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs". The paper's authors are Scott Wolchok (Michigan), Owen Hofmann (Texas), Nadia Heninger (Princeton), me, Alex Halderman (Michigan), Christopher Rossbach (Texas), Brent Waters (Texas), and Emmett Witchel (Texas).
From the Web
Heartland CEO: Credit Card Encryption Needed
September 15, 2009 from: Office of Inadequate Security
Grant Gross of IDG News Service reports that in testimony before the Senate Homeland Security and Governmental Affairs Committee yesterday, Heartland Payment Systems CEO Robert Carr was hit with a question about how the payment processor could have been breached for over one year and yet not detected it:
From the Web
Quantum Chip Helps Crack Code
September 15, 2009 from: hackyourself.net
An interesting article on using Quantum Computing to speed up cracking encryption code. Researchers in England have built a chip that uses quantum computing to aid in the factoring of large numbers.
From the Web
TJX settles banks’ lawsuit
September 02, 2009 from: Office of Inadequate Security
The Associated Press reports that TJX has settled: TJX said it has paid $525,000 to settle claims by some banks about costs they incurred as a result of the retailer’s massive data breach. Other banks — AmeriFirst Bank, HarborOne Credit Union, SELCO Community Cre...
From the Web
Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen
August 17, 2009 from: Office of Inadequate Security
An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal ...
From the Web
Heartland says breach has cost $32 million so far
August 06, 2009 from: Office of Inadequate Security
Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.
From the Web
Feds at DefCon Alarmed After RFID’s Scanned
August 04, 2009 from: hackyourself.net
Feds get a scare at DefCon when they learn of an RFID sniffing system in use by researchers at the conference. RFID has long been known to be sensitive to anonymous sniffing of embedded data in RFID chips, and new cheap tools may bring this tech to everyone.
From the Web
Another New AES Attack
July 30, 2009 from: hackyourself.net
Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the paper are not practical -- they're far too complex, they're related-key attacks, ...
Extremely Sensitive US Secrets Found on P2P Networks
July 29, 2009 Added by: Michael Menefee
According to an article released by the Washington Post today, the private firm Tiversa, Inc. discovered extremely sensitive information on global P2P networks.




