Hopes of building an uncrackable cryptographic system using quantum mechanics have been called into question, after scientists devised a way to cheat a test used to detect secret keys that have been intercepted.
As Symantec continues its analysis of Duqu, the latest malware targeting industrial control firms and based on the Stuxnet worm, other security researchers believe that certificate authorities are among the affected victims.
Symantec posted its preliminary analysis of the Duqu worm on Oct. 18. Duqu's focus appears to be on industrial control systems, but unlike Stuxnet, its goal appears to be information gathering and not disabling hardware. However, a pair of researchers from McAfee noted that the team behind Duqu may have compromised certificate authorities along the way.
Leaving laptops containing customers' personal details is a breach of Data Protection Act, Information watchdog says
Two organisations -- the Association of School and College Leaders (ASCL) and Holly Park School in Barnet -- breached the Data Protection Act by failing to encrypt personal information on laptops that were later stolen, the Information Commissioner's Office (ICO) said.
The BlackBerry OS is known for the many security safeguards it affords individual users and organizations, the most basic--and most important--of which is probably the device password. In fact, I've written countless mobile device security tips and tricks posts, and "Enable a password" is almost always atop my list of suggestions.
An Australian security expert respected for his work testing the defences of Apple software has published a method which appears to allow an attacker to break through the password defences of Cupertino’s latest Max OS X Lion operating system.
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
TechCrunch Disrupt finalist Bitcasa, a new cloud storage provider, was met with a healthy dose of skepticism last week when it claimed to be able to provide “infinite storage.” How does it do that? It can’t do what it promises! That’s not how encryption works! And so on. VC firm Andreessen Horowitz, along with First Round Capital, Pelion Venture Partners, and TechCrunch founder Michael Arrington’s CrunchFund have invested $1.3 million in the technology, which seems to suggest there’s valuable IP behind the startup’s overly broad promises of cheap, infinite and secure storage.
A programming glitch in Apple's OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked.
Hackers who obtained a fraudulent digital certificate for Google may have actually obtained more than 200 digital certificates for other top internet entities such as Mozilla, Yahoo and even the privacy and anonymizing service Tor.
Dutch certificate authority DigiNotar, which was hacked in July, has never acknowledged the number of fraudulent certificates the hackers managed to obtain, nor identified the possible targets other than Google.
Cryptographic algorithms are high-performance, secure engines that require considerable space in a design. When countermeasures are added to thwart security attacks, the space and memory requirements grow even more demanding.
For these reasons, cryptographic algorithms have traditionally been embedded as proprietary designs (i.e., intellectual property, IP) in hardware on smart cards or 8-bit chips. With recent improvements in core design and frequency performance, designers are now asking whether the customized IP blocks are still needed for these secure algorithms.
