A Second GSM Cipher Falls

A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi.

Inside The Google Chrome OS Security Model

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS.

Microsoft’s Police Forensic Tool Leaked to Bad Guys

Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it. The COFEE application lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people’s computers.

Guest editorial by Paul Roberts  In a weird kind of synchronicity, two stories recently have raised the specter of discarded (not merely misplaced) hard drives as the source of considerable consternation and legal wrangling. In the most serious incident, the Inspector General of the National Archives and Records Administration (NARA) launched an investigation into a potential data breach that could expose the personal information and health records of up to 70 million veterans.

The U.S. Government Accountability Office (GAO) has painted a bleak picture of the NASA’s IT security posture.
An audit of the space agency’s computer systems found weaknesses in
several critical areas, especially in the way NASA implemented access
controls like user accounts, passwords and the encryption of sensitive
data. Here’s the gist of the audit findings:

Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.

Visa has announced new global best practices for data field encryption, also known as end-to-end encryption – a much-discussed solution in the wake of the Heartland Payment Systems breach.
Announced by the global credit card company on Monday, these best practices are designed to further the payment industry’s efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the “clear.”  Read the full story [govinfosecurity.com]

A group of cryptographers has devised a new attack against AES, the de facto standard encryption algorithm, that enables them to recover an encryption key in far less time than had been possible before. The attack can recover an AES-256 key in a small enough amount of time to make the method practical for common attackers, leading some experts to recommend that users stop using AES-256 immediately.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.