Cryptography


Windows Bitlocker Open to Attack

An attacker with access to the target computer simply boots from a USB
flash drive and replaces the BitLocker bootloader with a substitute
bootloader which mimics the BitLocker PIN query process but saves the
PINs entered by the user to disk in unencrypted form. Read the full article. [The H Security]

Data from MS Shows Password Attack Focus

Microsoft released data collected from an FTP-server
honeypot, showing that attempts to guess passwords continue to focus on
the low-hanging fruit: passwords with an average length of eight
characters, with “password” and “123456” being the most common. Read the full article. [Security Focus]


Beginning in March, personal identifiable data of customers and employees in Massachusetts will be required to be encrypted on any mobile device such as laptops or portable USB drives. Read the full article. [EnterpriseNews]

Authorities in the U.K. have arrested two people in connection with using a notorious Trojan in a scheme to steal online banking information. The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchester, according to police. The duo is accused of using the Zeus Trojan, also known as Zbot, in a plot to steal information. It is believed the Trojan was configured to record victim’s online bank account information and passwords, as well as credit card numbers and other information. Read the full article. [eWEEK]

Technologists already are worried about the security implications of linking nearly all elements of the U.S. power grid to the public Internet. Now, privacy experts are warning that the so-called “smart grid” efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers’ daily power consumption. Read the full article. [Washington Post]

They’re the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here’s an inside look at the battle against cybercrime’s weapons of mass infection. Read the full article. [CSOonline.com]

The recent ACM Cloud Computing Security Workshop in Chicago was devoted specifically to cloud security. Speakers included Whitfield Diffie, a cryptographer and security
researcher who, in 1976, helped solve a fundamental problem of
cryptography: how to securely pass along the “keys” that unlock
encrypted material for intended recipients. Diffie, now a visiting professor at Royal Holloway, University of
London, was until recently a chief security officer at Sun
Microsystems. He sat down with Technology Review’s chief
correspondent. Read the full article. [Technology Review]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.