Encryption

The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said. 

"We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications."

The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and is “no longer considered safe” to use on commercial websites.

This comes only a day after a data breach led to 6.46 million LinkedIn hashed passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been decrypted, either through brute force or through lookups.

Nearly half of Canadian businesses that handle customers' personal information in digital form fail to use appropriate tools and practices to protect sensitive data, according to a survey commissioned by the Office of the Privacy Commissioner of Canada.

BoxCryptor, the client-side encryption tool for Dropbox, Box.net and other cloud storage services, has come a long way since its early, Windows-only incarnation.

These days, the tool works not only on Windows, Mac OS X and Linux, but also on Android and iOS. Right now, though, the Android version only works with Dropbox — but on Friday the team pushed out an update that they say readies it for other providers, including Box.net. 

Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay €150,000 (£122,000) before Friday, May 4, they said in a statement posted to Pastebin. Elantis confirmed the data breach on Thursday, but the bank said it will not give in to extortion threats. 

Just how secure is the data you’ve backed up online? Most cloud-based backup providers promise to encrypt your data before it’s uploaded to their servers, but a handful perform the encryption after the data’s been uploaded, which means they possess the key required to unlock your data and potentially hand it over to anyone who comes asking (backed with the right warrant).

My editor, Selena Frye called, asking what I knew about quantum cryptography. I remember muttering something about qubits. “Good,” she said. “This Phys.org article discusses a problem that has been fixed, I’d like you to write about it?” 

“Sure, I’ll get right on it. I didn’t even know quantum cryptography was broken. And, they already have a fix.

Since its release last Friday, thousands of players have struggled to untangle the knotty thicket of puzzles hidden deep within Xbox 360 indie title Fez, the 2D-meets-3D puzzle platformer that drove us batty with its obscure stumpers. Since then, only a few hundred have managed to complete enough of the game's challenges to reach the 200 percent (yes, 200 percent) completion threshold.

Developer Seb Sauvage has released the first public version of ZeroBin, an open source alternative to Pastebin. ZeroBin allows users to post text snippets anonymously and then send a link to the pasted file to other users. In contrast to Pastebin, it supports client side encryption of posted files (using 256-bit AES) which means the server retains no knowledge of the information being stored. Users can also easily clone existing "pastes" on the site. 

The free proxy servers of The TOR Project protect the identities of more than just hacktivists, hackers, dissidents in authoritarian countries and office drones surfing porn. Ordinary criminals apparently use it as well.

Eight people have been arrested on three continents for what federal agents called one of the most sophisticated markets for illegal drugs on the Internet.