Displaying items by tag: Encryption

As I was wandering the internet today and looking for something interesting to write about I stumbled upon an article that made me laugh a little. The article was talking about the Flame virus and how the methods used to crack open Microsoft’s certificates (called a collision) is a big issue. Now do not get me wrong, the entire Flame malware was a big deal and not just the ability to spoof Microsoft’s certificates to make the code seem legitimate.

With all of the security related news flying around we have received word from Kingston about an issue that affects the encryption feature in their SSDNow V+200 and KC100 lines. The issue is with the level of encryption that the SF-2000 is presenting. According to LSI (Pronounce that SandForce) the SF-2000 should be encrypting your data with 256-bit AES encryption. The problem is that it is not providing that and is instead only hitting 128-Bit AES Encryption.

The Apple Mythology continues to crumble as we hear (and have confirmed) that an update to Apple’s OSX Lion has exposed the passwords and questions to partitions protected with Apple’s FileVault. The issue rears its head when someone using FileVault updates to OSX 10.7.3. When this happens the update ends up writing the user’s credentials into the system’s plain-text debug file.

With all of the issues surrounding online privacy and internet snooping many are very concerned about having their personal information reviewed, logged, scanned and then stored away for sale by the companies that are tracking this. This issue is a very real one and as the companies we work for can (and do) put system in place to monitor, log and block certain types of traffic we are not surprised to see this become a very hot topic. The issue has become so large that there are multiple protests about privacy and personal data security happening in many countries. So what are you to do if all you really want is to check your Hotmail or maybe do some quick shopping without giving up all of your details?  A Canadian company by the name of SurfEasy has a possible answer for you. So sit back, relax and read along as we talk about the SurfEasy Plug-in Privacy device.

Remember how we told you about that some of the world’s most sensitive infrastructure hardware could be vulnerable by simply searching for them on Google? Well now we hear that even your car can be compromised with the right gear, as a group of security experts showed at Black Hat in Las Vegas. By setting up their own GSM network (granted not an easy task) the group was able to unlock and then start a Subaru SUV.

What they did was to capture authentication messages sent from the control server to the car. Once they had these in hand they were able to send commands to the car using an Android based smart phone and that was pretty much it.

As more and more of the world goes wireless you have to worry about what security is (and can honestly be put) in place to protect from this type of attack. It is not uncommon for banks to run wireless as a backup (that is still open and in a passive state) many security cameras will operate over 3G now as well. With the SCDA vulnerability and one I have recently heard of that affects banking applications on both Android and the iPhone you have to wonder just who is in charge of keeping these things safe?

Source Engadget

Discuss this on our Forum