Posts Tagged “cryptography”
by Matt Wharton on February 5, 2008
Wired’s Threat Level blog covers the vulnerability in Google’s handling of SSL and session IDs.
One of the big stories at DefCon last year was a security researcher’s demonstration of wirelessly sniffing users’ session cookies while they accessed their e-mail accounts or conducted e-commerce transactions via wireless networks. The attack allowed a hacker access to the victim’s Gmail or Hotmail account without needing to decipher the user’s password.
Now the security researcher who presented that info has found that even using SSL HTTPS to access your Gmail account — which was touted at the time as a surefire way to protect Gmail users against such an attack — is vulnerable to this hack.
Additional coverage at The Register.
by Matt Wharton on February 1, 2008
BBC News: M&S staff details left on laptop
Marks and Spencer has been found in breach of data protection rules after the theft of a laptop containing the personal details of 26,000 employees.
The Information Commissioner’s Office (ICO) said the data on the laptop, which was stolen from the home of an M&S contractor, was unencrypted.
The ICO has ordered M&S to make sure all laptop hard drives are fully encrypted by April 2008.
by Matt Wharton on January 29, 2008
Amateur cryptographer Joachim Schueth has beaten the British World War II computer Colossus of Bletchley Park in a code-cracking challenge.
Joachim Schueth solved a German cipher in just 46 seconds, more than three hours quicker than the 60 year old PC.
He received a prize from the National Museum of Computing, which included a valve from the Colossus machine.
Mr Schueth deciphered the code using a laptop and a program he wrote specifically for the challenge.
To be clear he beat out other competitors who had themselves written their own cryptanalysis tools to crack the encrypted message rather than just Colossus as that would not really have been a fair contest at all.
by Matt Wharton on May 27, 2007
TrueCrypt is free software that encrypts data “on-the-fly”. You can create an encrypted hard drive, a separate partition or a directory. TrueCrypt is portable — it works on GNU/Linux and Windows. Worried about losing your valuable data when your laptop gets stolen? Don’t wait and encrypt your data now!
by Matt Wharton on March 29, 2007
TrueCrypt is really astonishingly wonderful piece of cryptographic software and unfortunately and ironically for me it is too good at what it does.
TrueCrypt is a free and open source utility that performs on on-the-fly encryption allowing the user to create a virtual encrypted disk (TrueCrypt volume). TrueCrypt can either create an encrypted file that acts as a real disk or encrypt an entire hard disk partition or a storage device/medium, such as floppy disk or USB memory stick.
One of the best features of the TrueCrypt software is that allows you to use passwords based upon the content of files. So you designate one or more files as keyfiles and it combines that with the password you type in to create an ultra-secure unbreakable password. So say you choose the password Gazza after your favourite footballer of the 90s this would be a trivial password for a brute force attack to crack but if you were to combine it with a keyfile of an MP3 of Fog On The Tyne then it would become immeasurably more difficult.
However should you ever lose the keyfiles that you chose to use or like me forget which ones that you used the TrueCrypt volume that you have created becomes impossible to open and you lose all the data you have so carefully secured.
Luckily for me the drive that I had encrypted was merely used to back up important data for my publishing business and so I didn’t lose anything but the time it took to reformat the disk and back up all my business data yet again.
I do wonder what would have happened should I have been compelled to decrypt the volume under Part III of the Regulation of Investigatory Powers Act 2000 as clearly I really could not have done so.
by Matt Wharton on August 17, 2006