An official Sony Twitter account has leaked the PlayStation 3 master signing key at the heart of the company's legal offensive against a group of hackers being sued for showing how to jailbreak the popular game console.
Kevin Butler, a fictional PS3 vice president, retweeted the metldr key in what can only be assumed was a colossal mistake.
An unencrypted laptop belonging to a Yorkshire hospital was stolen potentially impacting 1,500 patients. According to the Huddersfield Daily Examiner, the laptop was used as part of an electromyography (EMG) scanner in the hospital and had no data encryption deployed.
At a recent meeting of Calderdale and Huddersfield NHS Foundation Trust's board of directors, medical director Yvette Oade said that discussions were ongoing with manufacturers as to whether data could be encrypted to prevent information being accessed if such an event occurred again.
Developer Infinity Ward has warned players of the PS3 versions of Call of Duty 4 and Modern Warfare 2 that the recent key-level hack to the PS3 has opened the titles up to online exploits that can't be fixed with a simple patch.
Hacked servers reportedly have the ability to reset players' accumulated stats and unlocked abilities, as well as granting players temporary abilities such as auto-aiming and super-speed.
Last week, California's Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals' persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.
German hacker Thomas Roth's announcement that he used Amazon.com's (Nasdaq: AMZN) cloud service to crack a wireless network security standard has left some security researchers scratching their heads. Others are merely shaking them in disbelief.
That attack was launched against the SHA-1 hash algorithm. Roth's conclusions are that the SHA-1 algorithm is not fit for password hashing, and the compute power offered by cloud services makes it cheap and easy to launch brute-force attacks on passwords.
In the indictment that led to the expulsion of ten Russian spies from the U.S. in the summer of 2010, the FBI said that it gained access to their communications after surreptitiously entering one of the spies' homes, during which agents found a piece of paper with a 27-character password.
In other words, the FBI found it more productive to burglarize a house than to crack a 216-bit code, despite having the computational resources of the U.S. government behind it.
Facebook yesterday said it will use encryption to deal with its latest privacy problem, but the question remains as to whether that move is enough for the social network to save face.
It's broadly accepted that the hardest problem in security in general, and cryptography in particular, is designing products that are sufficiently easy to use that they gain wide public acceptance.
Paul Kocher, president and chief scientist at Cryptography Research, wrote one of the exceptions: Secure Sockets Layer (SSL) version 3, the software best known for securing browser connections. "SSL is a tremendously successful protocol but an absolute failure, the argument being that it gives the perception of security on devices that really aren't secure in many cases," he said.
AFTER a 16-year decline, car theft in Germany rose in 2009, according to figures released recently by the German Insurance Association. One "white hat" hacker, who probes security systems to flag up flaws that can then be patched, thinks he knows why. Karsten Nohl of Security Research Labs in Berlin, Germany, has identified vulnerabilities in the engine immobilisers used to protect modern cars from theft.
A German security enthusiast has used rented computing resources to crack a secure hashing algorithm (SHA-1) password.
Thomas Roth used a GPU-based rentable computer resource to run a brute force attack to crack SHA1 hashes. Encryption experts warned for at least five years SHA-1 could no longer be considered secure so what's noteworthy about Roth's project is not what he did or the approach he used, which was essentially based on trying every possible combination until he found a hit, but the technology he used.
