DecryptedTech - Technology News and Reviews Done Right

Although the media world seems shocked by the news that the unmanned drones in use by the military are vulnerable to cyber-attacks we wonder exactly why. I mean come on how many security breaches of high-level “secured” sites have to happen before someone gets it? There really is no such thing as a secure system. This has been shown time and again going back to the first encryption methods. If you have some access to the system you can get in.

I am not even sure how many times I have said this, but here it is again; what man can lock (encrypt etc) man can unlock. This has been proven again as Fujitsu has announced a world record breaking event in crypto cracking. The electronics company’s research and development arm has successfully cracked and cypher that was 278 digits long (this equates to 923 bit). The feat surpasses a breakthrough in 2009 by 74 digits.

One of my favorite quotes (relating to security) is “what man can lock, man can unlock”. Another quote that I like is “they all break when you apply enough pressure”. Both of these are crucial to an understanding of security as it relates to just about everything. This includes physical security, data security; you name it… if you try to hide it or lock it up someone can get at it with enough time and resources. One place that this is often overlooked is in the department of DRM (Digital Rights Management).

With all of the security related news flying around we have received word from Kingston about an issue that affects the encryption feature in their SSDNow V+200 and KC100 lines. The issue is with the level of encryption that the SF-2000 is presenting. According to LSI (Pronounce that SandForce) the SF-2000 should be encrypting your data with 256-bit AES encryption. The problem is that it is not providing that and is instead only hitting 128-Bit AES Encryption.

Remember how we told you about that some of the world’s most sensitive infrastructure hardware could be vulnerable by simply searching for them on Google? Well now we hear that even your car can be compromised with the right gear, as a group of security experts showed at Black Hat in Las Vegas. By setting up their own GSM network (granted not an easy task) the group was able to unlock and then start a Subaru SUV.

What they did was to capture authentication messages sent from the control server to the car. Once they had these in hand they were able to send commands to the car using an Android based smart phone and that was pretty much it.

As more and more of the world goes wireless you have to worry about what security is (and can honestly be put) in place to protect from this type of attack. It is not uncommon for banks to run wireless as a backup (that is still open and in a passive state) many security cameras will operate over 3G now as well. With the SCDA vulnerability and one I have recently heard of that affects banking applications on both Android and the iPhone you have to wonder just who is in charge of keeping these things safe?

Source Engadget

Discuss this on our Forum

The Apple Mythology continues to crumble as we hear (and have confirmed) that an update to Apple’s OSX Lion has exposed the passwords and questions to partitions protected with Apple’s FileVault. The issue rears its head when someone using FileVault updates to OSX 10.7.3. When this happens the update ends up writing the user’s credentials into the system’s plain-text debug file.