Cryptography


Lost BP Laptop Contains Financial Information on Thousands of Gulf Oil Spill Victims

Almost a year has passed since the Deepwater Horizon oil rig exploded and spewed oil into the Gulf of Mexico for three months. But less than six months after the beleaguered oil giant managed to cap that well, it is contending with a new spill of a different sort: the loss of personal information on thousands of Gulf Coast residents who had filed claims for compensation stemming from the leak.

Comodo Says Two More Registration Authorities Compromised

Officials at Comodo have acknowledged that an additional two registration authorities affiliated with the company have been compromised in the wake of the high-profile attack on the company that was disclosed last week. However, no forged certificates were issued as a result of the new attacks.

Attacking and Defending the Tor Network

BOSTON – The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have had some recent success in preventing the use of the anonymity network, Tor members have been working on new methods for circumventing those restrictions.


The unnamed hacker who has taken credit for the attack on Comodo last week that resulted in a number of fraudulent certificates being issued for high-value sites belonging to Google, Yahoo and Microsoft has posted the certificate that he issued himself for a Mozilla domain, as well as the private key for that certificate, in an effort to prove his claims.

Dennis Fisher talks with Paul Kocher of Cryptography Research about the details of the attack on RSA, what the attackers might have stolen and what the compromise of the seed file for the SecurID tokens would mean for customers.

The attack on RSA that the company revealed last week raises a multitude of questions about the security of the company’s network and its own internal procedures. But the most important issues the RSA attack brings to the surface concern exactly what the attackers may have been after and what the successful compromise means for the integrity of the tens of millions of SecurID tokens deployed around the world.

Greg Hoglund, CTO of HBGary, admits that lackluster security played a central role in the breach that led to the release of some 50,000 company emails, but also disputes common understanding and reported details of the hack, going so far as to say there was actually no hack at all.