Researchers have devised an attack against a Microsoft-developed authentication scheme that makes it trivial to break the encryption used by hundreds of anonymity and security services, including the iPredator virtual private network offered to users of The Pirate Bay.
Being able to communicate without fear of prying eyes and ears intercepting could literally mean the difference between life and death for journalists uncovering corruption in high places, campaigners and activists trying to make the world a better place, or undercover agents engaged in covert operations. The creative force behind well-known email encryption software PGP (Pretty Good Privacy) had just such folks in mind when developing his latest digital security product.
A hacking expert has launched a $200 password-cracking tool that makes it easy to decipher Internet traffic sent through a widely used method for securing businesses communications.
Moxie Marlinspike, one of the world's top encryption experts, unveiled the tool on Saturday during a presentation at the Def Con hacking conference in Las Vegas.
A cross-disciplinary team of US neuroscientists and cryptographers have developed a password/passkey system that removes the weakest link in any security system: the human user. It’s ingenious: The system still requires that you enter a password, but at no point do you actually remember the password, meaning it can’t be written down and it can’t be obtained via coercion or torture.
No matter how careful you think you are, there’s always a chance that when you send an e-mail, text message, or make a call on your iPhone, someone could intercept it. For those who are concerned about security on their phones, a new suite of applications called Silent Circle will provide just the peace of mind you need to use your iPhone without worry.
Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.
Two researchers in the Netherlands helmed the construction of a LEGO Turing machine, a quirky manifestation of the classic computer science concept first devised by Alan Turing in 1936.
The device, built by Jereon van den Bos and Davy Landman using a single LEGO Mindstorms NXT set, is one of the most impressive — and simple — attempts we’ve seen at building a physical Turing machine.
The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, says security researcher Alexander Sotirov.
In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.
The Enigma cypher machine used by the German military in World War II is still a tough nut to crack today. The total number of ways it can be configured for every letter is around 150 million million million. That's enough to keep it beyond the reach of all but the most determined of brute force attacks.
So how were the late Alan Turing (whose 100th birthday is being celebrated in academic circles this June) and his fellow Bletchley Park code-breakers able to crack the Enigma and provide the Allies with such priceless intelligence?
When SandForce announced the SF-2000 SSD controller family, it touted the controller's ability to encrypt data with a 256-bit AES algorithm. The previous generation of SandForce controllers did 128-bit AES encryption, but the new chip added a second hardware engine with AES-256 support. Trouble is, the SF-2000 controller's 256-bit encryption doesn't work properly. Although the latest SandForce controllers encrypt data using AES, they do so using only 128 bits.
