Disk encryption may not be secure enough, new research finds: Declan McCullagh at CNET has a good overview of the recently discovered attacks on disk encryption systems. It has consequences beyond disk encryption as the attacker will have access to the entire contents of memory. The discovery is likely to cause some major changes in the way a number of systems such as sleep, hibernate and various encryption mechanisms handle writing encryption keys to memory as well as how DRAM is cleared on shutdown.
McAfee Avert Labs Blog: Can I own your wireless network?: Brad Antoniewicz writes about a presentation he gave with Josh Write at Shmoocon about insecurities in corporate wireless configurations running WPA Enterprise with a number of common authentication mechanisms (PEAP and EAP/TTLS). The problem is that many wireless clients do not perform adequate (or any) checks on the certificate any thus may give up credentials (in some cases clear text) to rogue authentication points.
Research May Hasten Death of Mobile Privacy Standard - Security Fix: Brian Krebs writes about another presentation at Shmoocon by David Hulton and Steve Miller on providing relatively fast, accurate, and inexpensive attack on A5/1 which is the encryption algorithm used by most GSM phones in the US and Europe. A configuration that achieves about 95 percent accuracy for decrypting conversations and text messages can be built for roughly $1000 US. Greater speed can be achieved by simply purchasing addition hardware.
Related posts
Link roundup for 3/30/08 The theme of today's link roundup is about obtaining access to data you may have stored on one web-based service from another web-based service or an applicatio ...
Link roundup for new OpenID uses and problems ongoing - OpenID at Work: Tim Bray writes about Sun's recently announced internal OpenID service. Sun is now offering an OpenID provider, but only for Sun emplo ...
Link roundup for 11/26/07 12 spam research projects that might make a difference: Network World gives a short description of a dozen research anti-spam research projects from university ...
Syndicate with RSS
Add New Comment
Thanks. Your comment is awaiting approval by a moderator.
Do you already have an account? Log in and claim this comment.
Add New Comment