BitLocker, meet UnBitLocker.
Word arrives from The Electronic Frontier Foundation that a crack team of researchers - including the Foundation's own Seth Schoen - has discovered a gaping security flaw in everyday disk encryption technologies, including Microsoft's BitLocker as well as TrueCrypt, dm-crypt, and Apple's FileVault.
If a machine is screen-locked or left in sleep or hibernation mode, Schoen and his cohorts proclaim, an attacker can circumvent disk encryption simply by powering the machine down and quickly rebooting to an external hard drive.
The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned.
Many organizations are encrypting their stored data to relieve concerns over data theft or loss - for example, U.S. mandatory disclosure laws on data breaches do not apply to encrypted data.
However, experts from IBM Internet Security Systems, Juniper, nCipher and elsewhere said that data encryption also brings new risks, in particular via attacks - deliberate or accidental - on the key management infrastructure.
German police are unable to decipher the encryption used in the Internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer said on Thursday. Skype allows users to make telephone calls over the Internet from their computer to other Skype users free of charge.
Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies.
A highly respected cryptographer warned on Friday that the increasing sophistication of computer chip design raises the risk that undetected bugs could be used to crack public key encryption systems. The warning was issued by Adi Shamir, a professor at Israel's Weizmann Institute of Science. The "S" in RSA, one such public key encryption algorithm, belongs to Shamir.
According to security experts, an algorithm for generating random numbers that is included in an official standard documented by the National Institute of Standards and Technology (NIST) could potentially include a backdoor planted by the NSA.