MIT’s Kerberos 5 Patched

A patch for MIT’s Kerberos 5 implementation fixes integer underflows in the functions for decrypting AES and RC4 ciphertexts. Read the full article. [The H Security]

GMail Goes “https-only” By Default

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service.

A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi.

Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it. The COFEE application lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people’s computers.

Guest editorial by Paul Roberts

In a weird kind of synchronicity, two stories recently have raised the specter of discarded (not merely misplaced) hard drives as the source of considerable consternation and legal wrangling. In the most serious incident, the Inspector General of the National Archives and Records Administration (NARA) launched an investigation into a potential data breach that could expose the personal information and health records of up to 70 million veterans.

The U.S. Government Accountability Office (GAO) has painted a bleak picture of NASA’s IT security posture. An audit of the space agency’s computer systems found weaknesses in several critical areas, especially in the way NASA implemented access controls like user accounts, passwords and the encryption of sensitive data. Here’s the gist of the audit findings:

Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.
