Nate Lawson: Crypto Strikes Back!

This Google Tech Talk features researcher Nate Lawson discussing recent vulnerabilities in crypto libraries, why public key cryptography is like a Ford Pinto in a demolition derby and the password-hashing mess created by Web 2.0 sites.

Moxie Marlinspike on SSL Attacks

Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip.

The cryptographic underpinnings of the Internet are beginning to show some serious wear, and the outlook for better days ahead is not particularly rosy. In just the last week there has been news of major new attacks on perhaps the two most widely used encryption technologies: SSL and AES. We’ve heard talk of cracks in both protocols before, but this time, even the most conservative observers are worried.

From Network World (Michael Cooney)
Researchers at IBM have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data.
According to IBM the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data. Read the full story [Network World].

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.