With all of the issues surrounding online privacy and internet snooping many are very concerned about having their personal information reviewed, logged, scanned and then stored away for sale by the companies that are tracking this. This issue is a very real one and as the companies we work for can (and do) put system in place to monitor, log and block certain types of traffic we are not surprised to see this become a very hot topic. The issue has become so large that there are multiple protests about privacy and personal data security happening in many countries. So what are you to do if all you really want is to check your Hotmail or maybe do some quick shopping without giving up all of your details? A Canadian company by the name of SurfEasy has a possible answer for you. So sit back, relax and read along as we talk about the SurfEasy Plug-in Privacy device.
Although the media world seems shocked by the news that the unmanned drones in use by the military are vulnerable to cyber-attacks we wonder exactly why. I mean come on how many security breaches of high-level “secured” sites have to happen before someone gets it? There really is no such thing as a secure system. This has been shown time and again going back to the first encryption methods. If you have some access to the system you can get in.
As I was wandering the internet today and looking for something interesting to write about I stumbled upon an article that made me laugh a little. The article was talking about the Flame virus and how the methods used to crack open Microsoft’s certificates (called a collision) is a big issue. Now do not get me wrong, the entire Flame malware was a big deal and not just the ability to spoof Microsoft’s certificates to make the code seem legitimate.
I am not even sure how many times I have said this, but here it is again; what man can lock (encrypt etc) man can unlock. This has been proven again as Fujitsu has announced a world record breaking event in crypto cracking. The electronics company’s research and development arm has successfully cracked and cypher that was 278 digits long (this equates to 923 bit). The feat surpasses a breakthrough in 2009 by 74 digits.
One of my favorite quotes (relating to security) is “what man can lock, man can unlock”. Another quote that I like is “they all break when you apply enough pressure”. Both of these are crucial to an understanding of security as it relates to just about everything. This includes physical security, data security; you name it… if you try to hide it or lock it up someone can get at it with enough time and resources. One place that this is often overlooked is in the department of DRM (Digital Rights Management).
With all of the security related news flying around we have received word from Kingston about an issue that affects the encryption feature in their SSDNow V+200 and KC100 lines. The issue is with the level of encryption that the SF-2000 is presenting. According to LSI (Pronounce that SandForce) the SF-2000 should be encrypting your data with 256-bit AES encryption. The problem is that it is not providing that and is instead only hitting 128-Bit AES Encryption.
Corrected 9-26-2013 12:48PM EST to add information from RSA and correct the headline from "RSA Says Not To Use Their Toolkit For Fear it Might Have an NSA Backdoor" to what it currently is.
A couple of weeks ago we reported on a claim that the NSA worked with many security companies and standards groups to help develop encryption algorithms. On the surface this was to help develop stronger and more secure encryption methods to protect US interests and data. However, it turned out that the NSA was actually working to introduce flaws into the system so that they could get back in at a later date. Some of these flaws might have even been exploited by hackers attempting to penetrate systems. We know that in recent years more and more data breaches are happening and the data recovered is often decrypted and sold off. Still until very recently there has not been much to hold up the original claims.
There is a rumor going around (from “sources wishing to remain anonymous”) that claims that US Law Enforcement and the NSA have been asking internet companies for user passwords. The article originally posted by cNet has made the rounds this morning across a few sites; all of them pointing back at the single cNet source. Now on top of everything else that is going on many people are ready to jump on board with this and further denounce the NSA, the FBI, DHS, IRS, and anyone else in the US government with initials. But outside of the claims from a single blogger at cNet are there any other indications that this is a common practice?
You know, the Internet is a scary enough place with all of the Malware, scams, hackers and other crap. No one needs to be worried about the government looking over their shoulders as well. However, this is what we reminded is happening when Edward Snowden released his cache of documents to the world (through the Guardian and other news sites). We found that under the guise of protecting us from terrorism and other real and imagined threats the US government has been collecting all of our internet data for a number of years. Now this was a great surprise to many people although it should not have been.
Remember how we told you about that some of the world’s most sensitive infrastructure hardware could be vulnerable by simply searching for them on Google? Well now we hear that even your car can be compromised with the right gear, as a group of security experts showed at Black Hat in Las Vegas. By setting up their own GSM network (granted not an easy task) the group was able to unlock and then start a Subaru SUV.
What they did was to capture authentication messages sent from the control server to the car. Once they had these in hand they were able to send commands to the car using an Android based smart phone and that was pretty much it.
As more and more of the world goes wireless you have to worry about what security is (and can honestly be put) in place to protect from this type of attack. It is not uncommon for banks to run wireless as a backup (that is still open and in a passive state) many security cameras will operate over 3G now as well. With the SCDA vulnerability and one I have recently heard of that affects banking applications on both Android and the iPhone you have to wonder just who is in charge of keeping these things safe?
Discuss this on our Forum