Archive for: encryption

Cryptography researchers Andrey Bogdanov (K.U.Leuven — Katholieke Universiteit Leuven), Dmitry Khovratovich (Microsoft Research) and Christian Rechberger (ENS Paris) managed to find a weakness in AES encryption that now makes the security protocol 4x easier/faster to crack. The crack has already been seen and confirmed by AES creators Dr Joan Daemen and Professor Dr Vincent Rijmen.
Seeing as how AES-128 specifically is one of the more widely used, secure systems the world uses today, this news is somewhat troubling — until you hear how long it still takes to crack it. According to the three musketeers of science, the number of steps to crack AES now stands at an “8” followed by 37 0’s. Per Bogdanov:
“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key.”
Looks like we can continue relying on AES encryption for at least a few more years…

Hoard water, beef jerky, and batteries, for Apple’s hardware-based iPhone encryption has been cracked! (Sounds like a CNN title, eh?) In reality, the threat isn’t quite as bad as it initially sounds. For starters, the company responsible for the discovery, ElcomSoft, says that only the backups of iPhones are retrievable. Add to that the fact that you’ll need physical access to the iPhone you’re actually trying to break into, which adds a level of difficulty. Finally, you’ll need some pretty beefy hardware to decrypt AES 256-bit security.
With that said, law enforcement and intelligence agencies can acquire an “Enhanced Forensic Access” toolkit that includes ElcomSoft’s Phone Password Breaker as well as various other tools designed to break even the toughest security. In regards to the newly cracked iPhone hardware encryption, ElcomSoft used a bit-to-bit image decryption method eventually exposing both iOS and even BlackBerry backups. Persons not part of the intelligence or law enforcement agencies can still walk away with ElcomSoft’s Phone Password Breaker tool sans many of the tools included in the paid “non-consumer” version.
The full account can be found over at ElcomSoft’s website here (PDF).
If you thought RIM was going to cave to foreign countries’ demands to weaken the security of the BlackBerry platform, you were sorely mistaken. RIM’s response is actually quite refreshing (and comical) in an age where big business and government politics are trumping individual freedoms and privacy left and right.
Specifically, when questioned about the recent BlackBerry bans spreading around the Middle East, Mike Lazaridis, RIM’s co-CEO had a few choice sentences:
“This is about the Internet,” Mr. Lazaridis said. “Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can’t deal with the Internet, they should shut it off.”
“We have dealt with this before,” Mr. Lazaridis said. “This will get resolved. And it will get resolved if there is a chance for rational discussion.”
Although Mr. Lazaridis said RIM wouldn’t compromise the security of its products, he acknowledged the company would have to cooperate with authorities if handed a court order to do a lawful intercept of a person’s communications. “I would give them the encrypted stream,” he said. “It would have to be like a wiretap.”
“We are going to continue to work with them to make sure they understand the reality of the Internet,” he said. “A lot of these people don’t have Ph.Ds, and they don’t have a degree in computer science.”
Clearly, RIM isn’t bending over. ‘Tis a proud day to be a BlackBerry user. RIM’s got your back.
Update
Yeah, about that proud, warm feeling over RIM’s hard stance — it was all talk. Local servers are being placed in Saudi Arabia as we speak. So much for consumers’ best interests and privacy.

Well, this could be seen as a potential problem…
RSA encryption has been cracked — 1024-bit encryption to be more precise. If you’re wondering who had the time and money to put together the necessary machinery to trim a several hundred year job (at best) down to a few months, it’s not quite as simple as you’d think. The more common way of breaking such security is by brute force. But the brute force needed to crack 1024 the “standard” way is simply not attainable by any one human or company, as the costs for owning and maintaining the computers would be astronomical.
So how exactly do you break 1’s and 0’s that are 1024-bit strong? Put the CPU on a diet of course. It’s rather simple if you don’t look into all of the science or other technical mumbo jumbo. All that’s needed is some voltage modifications causing a single error per clock cycle. During these errors, the CPU will actually flip bits, making them completely open for the world to see and giving researchers a slow but steady way of putting the password puzzle together.
Don’t go running just yet. While this is no doubt a major development in technology/encryption/security, the team who accomplished this task used no less than 81 Pentium 4 machines all churning towards the same goal which was completed in a rather brisk. Still, I don’t know about you, but I don’t know anyone with that many computers. A malicious government we still have to worry about, but some angry computer junky aiming to rewrite the world — not so much.
Engadget
- December 17, 2009 5:49 pm

Not more than 8-10 hours ago we highlighted a developing story concerning the US Military’s use of unencrypted feeds on unmanned drones. Wouldn’t you know it, the situation is a bit hairier and scarier than that. Unfortunately for us, the US has built the satellite technology used in the current crop of unencrypted drones into all corners of the military’s various aircraft. Oh god. And now a quote from Wired after a conversation between them and US Military officials:
Since then, nearly every airplane in the American fleet – from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq…
Hmm, big oversight don’t you think? The fact that our entire fleet of aircraft is now easily circumvented with a satellite dish and some software costing us 1/2 an Xbox 360 game is slightly unsettling. Now I’m curious how they plan on fixing this problem. Will they have to rebuild nearly every aircraft and tool using the flawed technology or is it as simple as a software/protocol change? Let’s hope for the former shall we…
Wired
- December 17, 2009 8:10 am
Unmanned aircraft are one of the greatest tools the US Military currently has in its arsenal. The humanless aircraft are able to go into remote regions and zones that would otherwise be too dangerous or inhospitable for human engagement. The only human interaction with the aircraft comes by way of a guy sitting behind a little TV screen controlling a few buttons and joysticks. Easy. Safe. Simple.
The data captured by these drones is, as one would expect, highly classified, as the usual missions for these bodiless wonders often consist of spying with an ultimate focus on being covert. Not being physically seen is good and all, but this is the 21st century. The world is becoming increasingly digital, opening up new doors for all kinds of bad guys and attack methods.
With that said, would it shock or surprise you to know that the US Military is having feeds from unmanned aircraft “hijacked”? According to the WSJ, insurgents abroad are basically pointing their satellites up into the sky and using a widely available $25 piece of software (aka: network snooper) to hone in and download the drone/unmanned aircraft’s video feeds sailing through the wireless airwaves. Naturally, this presents a fundamental national security problem. What good is sneaking up on the enemy with a drone if the enemy can see exactly where it’s going?
The question that comes to my mind first and foremost: Why is the US Military, of all people, using unencrypted video feeds in such a volatile area? You’d think the insurgents’ insatiable appetite to blow us all away would make the US Military a tad more careful with these sorts of things. Any response to this story, whether an actual admission or a flat out denial, will never mean anything. Regardless, if they are in fact running drones around the world with any link in the system unencrypted, we’ll never know. It will ultimately be labeled a “false rumor” for all eternity as the military will deny deny deny.
Scary stuff.
CrunchGear
- September 15, 2009 6:41 am

Remote desktop, while a very handy and useful technology, is so old. Something new, exciting, and fresh needs to come along, however. But what could take the place of something so ubiquitous? iTwin would like you to consider them as a potential candidate. iTwin is a USB stick that one person shares with his bestest friend or colleague so as to allow them to securely share information (much like remote connection) between two computers over the web. The possibilities of such a device of course are easy to see. With the iTwin, remotely connecting two computers is drop dead simple and, according to CEO Lux Anatharaman and COO Kal Takru, incredibly secure.
Upon plugging in the iTwin, the two devices sync a private key keeping spying eyes out, after which, the two devices are ready to go with no need to log in with any type of ID or cumbersome software downloads. If you ever find yourself in the hairy position of having lost your half of the deal, a simple call to iTwin can deactivate the lost half so that your data remains forever safe. Initial launch has iTwin walking the streets of Singapore first with a U.S. and Europe launch roughly six months later. If you are the type that would warrant such a device, does the $99 asking price seem right?
Source: Gizmodo, Tech Crunch, Venture Beat

At first, the title may start your heart into a flurry of disassociated beats leaving you lost, scared, and hopeless. While a team of researchers in Japan did in fact crack WPA encryption, the world is far from over. First, how did they do it? Simple. By exploiting a flaw in the Temporal Key Integrity Protocol (TKIP) they managed to blow a WPA TKIP protected network wide open. Now again, this is easily fixed — simply switch to WPA AES or move on to greener, more heavily fortified WPA2 pastures. WPA TKIP is sort of like the “new WEP” in that it is becoming pretty much useless as a security method for protecting a wireless network.
Of course, as CrunchGear highlights, you could be ultra secure and forget this stupid password nonsense altogether by using SSL or TLS to keep snoops off of your network. Whataya’ say?
Source: CrunchGear, Yahoo News, Image Source

Maybe the Personal Safe Flash drive doesn’t hold enough data for your liking. Do you need gigs upon gigs of secure storage? Where the Personal Safe flash drive falls short, the Padlock Encrypted Hard Drive excels. What truly makes this drive a secure powerhouse is that it is secured at the hardware level, meaning that if a half-way intelligent thief rips the drive out of the case, your data will still be secured by either 128 or 256 bit encryption. Adding a further monkey wrench for any prying eyes can be easily accomplished by activating an admin password that can be set to override the original code!
Of course, what good is a portable hard drive if you have to carry a dozen different cables? Thankfully this miniature Fort Knox in a case is bus powered, meaning all the juice and data transferring you can handle are taken care of by a solitary cable. Said cable retracts into the case for the ultimate low profile design when toting this thing around. Rounding out the list of notable features is the addition of shock proof mounts, meaning that this drive is up to experiencing real life and isn’t just meant to sit on the desk and look pretty. Windows and OS X are both supported, so it doesn’t matter which side of the fence you’re on, your data is good to go. As far as pricing goes, there are a few choices. If you want to dip your toe into the whole encrypted data scene, the 128 bit, 250 GB hard drive will set you back $100. Though if you’re extra paranoid and/or have a mountain of data, the 256 bit, 500GB hard drive runs $160 and may be more to your liking.
So what will it be, the Personal Safe Flash drive or the Padlock Encrypted Drive?
Source: Wired, Macworld