An encryption code used to protect billions of credit cards, subway passes and security badges is safe no more.
A University of Virginia graduate student and two fellow hackers say they have cracked the code used for tiny chips found inside many "smartcards" with readily available equipment that cost less than $1,000.
Twenty-six-year-old Karsten Nohl and his two German partners dismantled the chip and mapped out its secret security algorithm. They ran the formula through a computer program and broke the encryption after a few hours.
A research team at Princeton University has found a method to break into an encrypted hard drive to access protected information.
The method involves freezing the DRAM, or Dynamic Random Access Memory, in a computer. Freezing the memory can be easily done by spraying the memory chips with the cold canned air found in duster spray. Researchers said in a report published on Thursday that doing this allows the chip to retain data for minutes or even hours after the computer is out of power.
BitLocker, meet UnBitLocker.
Word arrives from The Electronic Frontier Foundation that a crack team of researchers - including the Foundation's own Seth Schoen - have discovered a gaping security flaw in everyday disk encryption technologies, including Microsoft's BitLocker as well as TrueCrypt, dm-crypt, and Apple's FileVault.
If a machine is screen-locked or left in sleep or hibernation mode, Schoen and his cohorts proclaim, an attacker can circumvent disk encryption simply by powering the machine down and quickly re-booting to an external hard drive.
The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned.
Many organizations are encrypting their stored data to relieve concerns over data theft or loss - for example, U.S. mandatory disclosure laws on data breaches do not apply to encrypted data.
However, experts from IBM Internet Security Systems, Juniper, nCipher and elsewhere said that data encryption also brings new risks, in particular via attacks - deliberate or accidental - on the key management infrastructure.
German police are unable to decipher the encryption used in the Internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer said on Thursday. Skype allows users to make telephone calls over the Internet from their computer to other Skype users free of charge.
Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies.