12-year-old French girl caught writing bad checks for candy

"A 12-year-old girl in the southern French city of Bordeaux has been caught by police after using stolen cheques to buy 2,600 euros ($3,440) worth of candies and pastries. Local police said Thursday that the girl had stolen a chequebook in March from a neighbour and used it over several months to buy the sweets from local bakeries. Her criminal sweet tooth was uncovered when a local bakery tried to deposit 23 of the cheques and they bounced. She was quickly apprehended, questioned by police and released after her parents agreed to pay the bakery back."

Prosecutors charge 6 in $300M credit card hacking scheme

"Russian Dmitriy Smilianets, 29, is accused of selling the stolen data and distributing the profits. Prosecutors said he charged $10 for U.S. cards, $15 for ones from Canada and $50 for European cards, which are more expensive because they have computer chips that make them more secure. The five concealed their efforts by disabling anti-virus software on victims' computers and storing data on multiple hacking platforms, prosecutors said. They sold the payment card numbers to resellers, who then sold them on online forums or to 'cashers' who encode the numbers onto blank plastic cards."

Digital Carjackers Show Off New Attacks, Funded By $80,000 Pentagon Grant

"This fact, that a car is not a simple machine of glass and steel but a hackable network of computers, is what Miller and Valasek have spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles."

The Creepy, Long-Standing Practice of Undersea Cable Tapping

"More than 550,000 miles of flexible undersea cables about the size of garden watering hoses carry all the world's emails, searches, and tweets. Together, they shoot the equivalent of several hundred Libraries of Congress worth of information back and forth every day. In 2005, the Associated Press reported that a submarine called the USS Jimmy Carter had been repurposed to carry crews of technicians to the bottom of the sea so they could tap fiber optic lines. The easiest place to get into the cables is at the regeneration points -- spots where their signals are amplified and pushed forward on their long, circuitous journeys."

CryptoParty: Party like it’s December 31st, 1983

"Attend a CryptoParty to learn and teach how to use basic cryptography tools. A CryptoParty is free, public and fun. People bring their computers, mobile devices, and a willingness to learn! CryptoParty is a decentralized, global initiative to introduce the most basic cryptography software and the fundamental concepts of their operation to the general public, such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging). CryptoParties are free to attend, public, and commercially and politically non-aligned."

Cypherpunk (Wikipedia)

"A cypherpunk is an activist advocating widespread use of strong cryptography as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s. A very basic cypherpunk issue is privacy in communications and data retention. Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography, which remained an issue throughout the late 90s."

Whitfield Diffie (Wikipedia)

"Bailey Whitfield 'Whit' Diffie is an American cryptographer and one of the pioneers of public-key cryptography. In 1975-76, Diffie and Martin Hellman criticized the NBS proposed Data Encryption Standard, largely because its 56-bit key length was too short to prevent brute-force attack. Subsequent history has shown not only that NSA actively intervened with IBM and NBS to shorten the key size, but also that the short key size enabled exactly the kind of massively parallel key crackers that Hellman and Diffie sketched out. When these were ultimately built outside the classified world, they made it clear that DES was insecure and obsolete."

Data Encryption Standard – NSA’s involvement in the design (Wikipedia)

"In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in [...] NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key."

Data, meet spies: The unfinished state of Web crypto

"Most Internet companies do not use a privacy-protective encryption technique that has existed for over 20 years -- it's called forward secrecy -- that cleverly encodes Web browsing and Web e-mail in a way that frustrates fiber taps by national governments. Lack of adoption by Apple, Twitter, Microsoft, Yahoo, AOL and others is probably due to 'performance concerns and not valuing forward secrecy enough,' says Ivan Ristic, director of engineering at the cloud security firm Qualys. Google, by contrast, adopted it two years ago."

Google strengthens Android security with NSA’s SELinux; TPM also coming

"Originally developed by programmers from the National Security Agency, SELinux enforces a much finer-grained series of mandatory access control policies. The other big security enhancement introduced in Android 4.3 is a more robust way to store cryptographic credentials used to access sensitive information and resources. 'With the keychain enhancements, the system-wide keys are bound to a hardware-based root of trust process devices that support this,' said Pau Oliva Fora, senior mobile security engineer at viaForensics. 'The phone needs to have a secure element such as a Trusted Platform Module so that private keys can't be stolen.'"