Security boffins unveil BitUnlocker
Word arrives from The Electronic Frontier Foundation that a crack team of researchers – including the Foundation’s own Seth Schoen – have discovered a gaping security flaw in everyday disk encryption technologies, including Microsoft’s BitLocker as well as TrueCrypt, dm-crypt, and Apple’s FileVault.
Granted, it’s possible, but it involves accessing the key from memory during a rather short window.
I came across this a while ago, and thought I’d share: every chapter of The Handbook of Applied Cryptography (regarded as “the standard reference work in technical cryptography”) is now available online for free.
Mmmmmm… math.
We are pleased to announce that TrueCrypt 5.0 has been released. Among the new features are the ability to encrypt a system partition or entire system drive (i.e. a drive where Windows is installed) with pre-boot authentication, pipelined operations increasing read/write speed by up to 100%, Mac OS X version, graphical interface for the Linux version, XTS mode, SHA-512, and more.
We use truecrypt at my new job to encrypt our off-site backups (which are portable drives located on-site briefly during backup then taken off-site again). It seems to work fairly well and removes the “what if” factor of having the backup stolen from my apartment.
I’ve been using a mix of TrueCrypt and encrypted DMG images on my flash drives to have portable personal data (and other secure shit). Now, I can get rid of the encrypted DMGs and not worry about having to have access to a Mac in order to read them.
GUIs for the 3 major OSes and full-HD encryption for Windows? Rock on, TrueCrypt, rock on.
Holy shit! Didn’t see this one coming (especially since Solaris 10 comes with PostgreSQL, not MySQL).
I think this is good news – Sun has been doing a lot of open, progressive work (OpenOffice & OpenSolaris) and I think MySQL (and its users) will benefit from the acquisition.
From http://blogs.sun.com/jonathan/:
But the biggest news of the day is… we’re putting a billion dollars behind the M in LAMP. If you’re an industry insider, you’ll know what that means – we’re acquiring MySQL AB, the company behind MySQL, the world’s most popular open source database.
Hello all – the good news is that steady progress on getting my f*&#ing Master’s degree done is being made. I’m hoping to be done with my project in mid to late January. At that point, the podcast should be back in swing, as working on my thesis paper will require a lot less of my time than the project.
At any rate, to all of our listeners, we wish you the happiest of holidays and a fantastic new year!
From: http://www.hackaday.com/2007/12/02/wireless-keyboards-easily-cracked/
The “encryption” used on each regular keystroke involves XORing the key against a random one byte value determined during the initial sync with the receiver. So, if you sniff the handshake, you can decrypt the keystrokes. You really don’t have to though; there are only 256 possible encryption keys. Using a dictionary file you can check all possible keys and determine the correct one after only receiving 20-50 keystrokes
What I don’t get is this – who thinks this is good encryption for the real world? Yeah, an XOR is a nice and easy obfuscation, but is it not encryption!
As an industry, we really have to get our heads out of asses on this. Wireless communication is being used more and more in production environments and this shit is often way too easy to hack.
First off – I’m back deep into working on my thesis. Hopefully, we’ll have another episode out soon.
In the meantime, I just came across this on Slashdot:
Slashdot | Shake a Secure Bluetooth Connection:
I like the concept. Bluetooth needs something extra for security, although I’m not sure if I’m 100% behind shaking my devices to get them to pair, it is a novel concept.
Next question, though… are more devices going to come with screen shields to help against all the rubbing they’ll undergo from being shaken with other devices to get them to pair?
Episode 58 URLs & Notes (MP3) (AAC)
Yes, boys and girls, we’re not dead. And… we’ve recorded episode #58 (again). We were a little rough and we tended to rant a bit, but we’ll back in the swing of things again in no time. Look for episode 58 to be published later this week.
Pings from listeners wondering if we’ve decided to throw in the towel have been coming in fairly steady during our extended break, and we appreciate it. It’s good to know that we’re doing something worthwhile!
No, we haven’t burned out, we’ve just been doing other things. Nem and I both changed jobs, and Nem is working on getting his Master’s thesis done this fall. We had recorded episode 58 (which I am now christening “The Lost Episode”) some time ago, but thesisizing has kept Nem pretty busy and it never got edited. Pretty much everything in it has gone quite stale now, but we’re intending to record the real 58 soon.
So, don’t give up on us. We’ll be right back after these short messages.
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | ||||
22 queries. 0.358 seconds.
