Cryptography


RSA 2010: How Cloud Security Is the Wild West

Economic pressures are driving more businesses and governments to nervously eye cloud computing, despite myriad unanswered questions that swirl around a single central concern: security. This was the backdrop for a panel discussion between CISOs at this week’s RSA Conference. Read the full article. [Network World]

OpenSSL Public Key Flaw Labelled Severe

Computer scientists say they’ve discovered a “severe vulnerability” in the world’s most widely used software encryption package that allows them to retrieve a machine’s secret cryptographic key. The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Read the full article. [The Register]

Researchers Find Flaw in RSA Authentication

University of Michigan scientists have found they could foil RSA authentication by varying the voltage supply to the holder of the “private key,” which would be the consumer’s device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. Read the full article. [ScienceDaily]


For years, leaders of the security industry have warned that passwords have outlived their usefulness. Users pick easy-to-crack passwords like the name of a dog or a favorite movie. They’re written on Post-it notes and left sticking to the monitor for all to see. Multi-factor authentication — using more than one form of authentication to verify the legitimacy of a transaction via smart cards, tokens or biometrics, for example — is often held up as the alternative; an end to insanity. The reality is far less simple. Read the full article. [CSO]

A ring of ticket brokers has been indicted in connection with an elaborate hacking scheme that used bots and other fraudulent means to purchase more than 1 million tickets for concerts, sporting events and other events. The defendants made more than $25 million in profits from the resale of the tickets between 2002 and 2009. Read the full article. [Wired]

A German research team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states, 1 or 0. Immediately prior to the switch, the flip-flop is in a “metastable state” where its behavior cannot be predicted. Read the full article. [ScienceDaily]

Researchers at Florida State University have discovered crystals that could lead to super security chips. The security chips could store encrypted data written two different ways — electrically and magnetically — making extraction of the data more complex and so more difficult for attackers to decrypt. Read the full article. [Network World]

Renukanth Subramaniam, 33, who had previously pleaded guilty, was sentenced to 46 months for conspiracy to defraud and 10 months for five counts of mortgage fraud, the terms to run consecutively. Also sentenced was Darkmarket user John McHugh, 66, who had the sign-in “Devilman” and created fake credit cards that were sold through the site. Read the full article. [BBC News]