Browsing Category: Cryptography

The recent ACM Cloud Computing Security Workshop in Chicago was devoted specifically to cloud security. Speakers included Whitfield Diffie, a cryptographer and security researcher who, in 1976, helped solve a fundamental problem of cryptography: how to securely pass along the “keys” that unlock encrypted material for intended recipients. Diffie, now a visiting professor at Royal Holloway, University of London, was until recently a chief security officer at Sun Microsystems. He sat down with Technology Review’s chief correspondent. Read the full article. [Technology Review]

Injection attacks, including SQL, OS, and LDAP injection, top the 2010 OWASP Top 10 list of Web application security threats. They are followed by cross-site scripting (XSS), broken authentication and session management, insecure direct object references, cross-site request forgery (CSRF), security misconfiguration, failure to restrict URL access, unvalidated redirects and forwards, insecure cryptographic storage, and insufficient transport layer protection. The list is considered a “release candidate” that will be published in its final form in 2010. Read the full article. [Dark Reading]

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public. The flaw allows an outsider to hijack a legitimate user’s browser session and successfully impersonate the user, the researchers said in a technical paper. Read the full story [zdnet.co.uk]

Categories: Cryptography, Malware

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and stop the message from appearing at startup. Read the full story [Dancho Danchev/ZDNet]

Microsoft has released a free tool for retroactively hardening applications against known attacks, without recompiling the program with a special compiler flag. The Enhanced Mitigation Evaluation Toolkit (EMET) allows developers and administrators to activate specific protection mechanisms in compiled binaries without requiring access to the source code. The tool is currently able to prevent or impede four attack techniques. Read the full story [The H Online]. See Microsoft blog post on EMET [technet.com]

Categories: Cryptography

The U.S. Computer Emergency Readiness Team warned BlackBerry users on Tuesday about a new program called PhoneSnoop that allows someone to remotely eavesdrop on phone conversations. The PhoneSnoop application must be installed on the phone by someone who has physical access to it or by tricking the user into downloading it, the CERT advisory said. Read the full story [CNET/Elinor Mills]

Categories: Cryptography

Guest editorial by Paul Roberts

In a weird kind of synchronicity, two stories recently have raised the specter of discarded (not merely misplaced) hard drives as the source of considerable consternation and legal wrangling. In the most serious incident, the Inspector General of the National Archives and Records Administration (NARA) launched an investigation into a potential data breach that could expose the personal information and health records of up to 70 million veterans.
