Cryptography


Threatpost’s List of the Top 10 Security Top 10 Lists

Ever since the traditional print industry collapsed in on itself like a decommissioned ‘Vegas casino, replaced with blogs, micro blogs, social networking and other forms of Web-based publishing, the end of the year has brought with it a blizzard of retrospective and prospective Top 10 lists from click-hungry sites. There’s a good reason for this, of course: data says that you readers like ’em. Top 10 lists are really like editorial Happy Meals – conceptual packages that say to the reader “You don’t have to do anything – we’ve got everything you need behind this one link!”

Carry Wikileaks Lessons Into The New Year

Editor’s Note: The storm of news coverage about the release of confidential diplomatic memos by whistleblower site Wikileaks may have passed, but the story is far from over. In the meantime, organizations are left to draw their own conclusions about the lessons of the Wikileaks scandal and, then, try to apply them to their businesses. In this opinion piece for Threatpost, Ted Julian, a Principal Analyst at Yankee Group, says there are four important lessons that organizations can learn from the sensational publication of classified documents and carry into the New Year.  

2011: What’s Your IT Security Plan?

A gusher of Web application vulnerabilities, malicious insiders and sophisticated malware threaten networks and data. To keep your systems reasonably secure, what will your security focus be during the year ahead?


New Intel Chips Support SMS Kill Switch

Anti Theft 3 Chips Can Be Disabled via 3G Networks

New computer processors from Intel Corp, due out in 2011, can be disabled using an SMS “poison pill” message sent over any 3G cellular network, according to Intel documentation.

The new anti-theft feature, which Intel has dubbed “Anti Theft 3.0,” will only be available for devices using Intel’s latest Sandy Bridge microprocessors. The new feature will enable organizations to remotely disable lost or stolen laptops even if those devices are not connected to the Internet. Instead, any device within range of a 3G cell tower could be disabled using what Intel describes as an “encrypted SMS” text message.

The new feature comes as organizations are looking for ways to guard against data breaches that stem from lost or stolen mobile devices, one of the biggest sources of such breaches. Intel is planning to unveil the new chips at the Consumer Electronics Show (CES) in Las Vegas in January.

The addition of a 3G “kill switch” for Intel is just the latest evolution in its hardware-based anti-theft technology and has been in the works for months. Intel already offers customers the ability to disable lost or stolen devices via LAN, wireless LAN and VPN connection. However, those methods require a lost or stolen device to be connected directly to the Internet first. The 3G poison pill feature would allow technicians to trigger one or more security features so long as the stolen or lost device checked in with a 3G tower. Options include disabling access to encrypted data by deleting an encryption key stored in the chipset, disabling the laptop by blocking the boot process, or both, Intel said. The term “poison pill” may be misleading, however, as Intel’s Anti Theft features also allow users to re-enable the device after the anti-theft features have been enabled.

Intel has made security a key investment area, as the company prepares for a post-PC world in which “pro-sumer” mobile devices running its processors increasingly operate outside of the corporate firewall, carry a mixture of personal and corporate data and leverage both WiFi and 3G connections for Internet connectivity, voice, video and more. In August, Intel purchased anti-malware firm McAfee for $7.68b in a surprise move. Intel said that it was interested in baking security deeper into its hardware and avoiding the traditional performance slowdowns that security software produces. The Sandy Bridge chip is the successor to the Nehalem architecture and is already being distributed to Intel OEMs. The anti-theft features are just one improvement on the latest generation processors, along with improved performance and a boost in the capabilities of integrated graphics features.

New computer processors from Intel Corp, due out in 2011, can be disabled using an SMS “poison pill” message sent over any 3G cellular network, according to published reports.

A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device.

Authorities in Romania have disrupted a large hacking ring accused of stealing Voice over IP (VoIP) data from hacked servers and using it to place bogus calls to premium rate numbers. Agence France Presse reported on Tuesday that 42 people were arrested in the sting, breaking up a network that was headed by two Romanians and that had caused more than $13.5m in losses to firms in the U.S., Britain, South Africa, Italy and Romania. 

CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online.
Millions of Web users are waking up to news that broke over the weekend that systems belonging to Gawker Media were hacked and password data on millions of user accounts published on the Internet. How can you figure out if your e-mail and password were among more than a million that were stolen? Read on for instructions on figuring out if you’re one of the victims of the Gawker attack, and what to do about it.

A massive hack of systems belonging to online publishing giant Gawker Media has put gigabytes of sensitive information related to Gawker founder Nick Denton and the company’s operations online. But a trove of millions of hashed account passwords could be an even bigger problem for untold numbers of individuals, companies and government agencies.

The National Institute of Standards and Technology has chosen the five finalists for the last round of its competition to find the next hash function standard. The SHA-3 finalists include Skein, developed by a group including Bruce Schneier and Jon Callas.