Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.
Browsing Category: Cryptography
The parade of large-scale data losses is continuing unabated. The latest incident involves an unencrypted Flash drive containing the personal information of more than 100,000 adult education students in Virginia.
PayPal suspended the account of a white-hat hacker on Tuesday, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor.
“Under the Acceptable Use Policy, PayPal may not be used to send or receive payments for items that show the personal information of third parties in violation of applicable law,” company representatives wrote in an email sent to the hacker, Moxie Marlinspike. “Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.” Read the full story [Dan Goodin/The Register]
Visa has announced new global best practices for data field encryption, also known as end-to-end encryption – a much-discussed solution in the wake of the Heartland Payment Systems breach.
Announced by the global credit card company on Monday, these best practices are designed to further the payment industry’s efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the “clear.” Read the full story [govinfosecurity.com]
Online criminal gangs have begun using special malware that enables them to hide the amount of money that they’re stealing from victims’ online banking accounts, helping them evade detection for longer periods of time and extend the effectiveness of their crime sprees.
Once pitched as an additional layer of security for e-banking transactions, two-factor authentication is slowly becoming an easy-to-bypass authentication process, to which cybercriminals have successfully adapted throughout the last couple of years. Read the full story [zdnet.com]. Also see this MIT Technology Review report on how cybercriminals managed to steal $447K despite the fact that two-factor authentication was in place.
Locked in a cat-and-mouse game with spammers who use bots to defeat anti-fraud mechanisms and create fake accounts, Google today announced a deal to acquire reCAPTCHA, a company that provides those squiggly words at login screens.
The reCAPTCHA deal isn’t exactly a security transaction. Strategically, it gives Google an excellent crowd-sourcing tool to beef up its already impressive machine-vision algorithms (think book-scanning and maps) but, in the long run, the ability to use CAPTCHAs that are near-impossible for bots to decipher allows Google to raise the bar significantly in the fight against bots and spam.
A pair of Japanese researchers have developed an improvement on an existing technique for attacking wireless LAN traffic that enables them to intercept and decrypt encrypted packets in about a minute, significantly lowering the barrier to entry for attackers looking to listen in on supposedly private connections.
Martin Hellman, the co-inventor of public key cryptography, uses his background in security and cryptography to bring insights to two seemingly unrelated issues: nuclear weapons and soaring.