Linux Cryptography - Page 17
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Alternative tokenless 2FA technologies may offer much greater levels of security, especially in light of the recent news that hackers have stolen data related to RSA secure tokens.
According to Tor developer Jacob Appelbaum and a blog posting by the Mozilla Foundation, the Comodo SSL Certification Authority may have been compromised. As a consequence, criminals apparently obtained nine certificates for web sites that already existed, including addons.mozilla.org.
API requests for Google Documents List, Google Spreadsheets, and Google Sites will be required to use secure sockets layer connections.
Vulnerabilities in implementations of the STARTTLS protocol for establishing an encrypted TLS connection could allow commands to be injected into a connection. According to a description by the discoverer of the problem, Postfix developer Wietse Venema, the key point is that commands are injected into the connection before it has been secured/encrypted, but are only executed once the secure connection has been established.
The most secure P2PE option is to replace existing payment terminals with newer hardware devices offering built-in encryption capabilities. With encryption at the read head, all mag stripe data is encrypted on the hardware terminal itself as soon as the consumer swipes his or her card. No readable data ever leaves the unit, eliminating the risk of theft as it traverses the merchant network. This strategy completely defuses the threat of online attacks.
What's "pervasive memory scraping" and why is it considered by SANS Institute security researchers to be among the most dangerous attack techniques likely to be used in the coming year?
Florian Yanez, manager of technical systems for Helzberg Diamonds, is among those attending RSA Conference 2011. CSO recently caught up with him for a discussion on his company's efforts to adopt tokens as a way to address PCI DSS' rules on stored customer data.
Researchers have found a cheaper, faster way to process SSL/TLS with off-the-shelf hardware, a development that could let more Web sites shut down cyber threats posed by the likes of the Firesheep hijacking tool.
OpenSSH 5.7 has just been released. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Read on for a description of the improvements, including Elliptic Curve Cryptography, sftp performance improvements, and much more.
A hacker claims he's used Amazon's cloud services to bust open SHA-1, a wireless network security standard, and he says he'll be demonstrating his process at an upcoming Black Hat get-together. Malicious hackers could quickly set up brute-force attack systems using the cloud, but critics say real-world password cracks might not come so easily.
Federal restrictions will be relaxed on the export of open-source software that incorporates strong encryption, the US government announced on Friday in a lengthy disclosure. The effect of the changes announced in the US Federal Register is that cryptography software now may be exported to Cuba, Iran, North Korea, Syria, and Sudan as long as the source code from which it was derived is already
Use of the Domain Name System Security Extensions (DNSSEC) specifications for securing domain names increased by 340% from 2009 to 2010. Even so, only 0.02% of Internet zones are now being signed with DNSSEC, and 23% of those are using expired signatures.
Google has begun shipping a feature called False Start in its Chrome browser to speed up secure communications. False Start essentially cuts out one set of the back-and-forth conversation needed to set up a secure channel between a Web browser and Web pages.
Giesecke & Devrient (G&D) is introducing a new microSD card to prevent cell phone tapping. The Mobile Security Card VE 2.0 contains a cryptocontroller which encrypts cell phone conversations and securely authenticates the user. The microSD card was developed by Giesecke & Devrient Secure Flash Solutions (G&D SFS), a joint venture of G&D and Phison Electronics.
Recently, I wanted to investigate when and how A5/2 has been withdrawn from both GSM networks and GSM phones alike. Unfortunately there was no existing article discussing this history online, so I went through dozens of meeting reports and other documents that I could find online to recover what had happened.
Red Hat security team rates the vulnerability 'important'. The OpenSSL server has now been patched to fix a critical flaw which could be used to remotely execute code or cause an application to crash.
Calling it a "nuclear-powered bulldozer", yesterday, Amazon announced and blogged about its newest cloud infrastructure service, the "Cluster GPU Instance", which delivers supercomputer calculation power for as little as $2.10 per hour. The new instance type employs the same NVIDIA Tesla processor used in three of the five fastest supercomputers.
New Ponemon Institute study commissioned by Symantec finds 84 percent of U.S. organizations either deploying encryption or in the process of doing so. Most U.S. organizations are currently encrypting data or are in the process of doing so, and the No. 1 driver for this is compliance.
Quantum cryptography has been around since the 1980s, but up until now only very small packets of information have been able to be encrypted at one time. Now a breakthrough that identifies the angle and rotation of photon particles is taking this technology to the next level.
An open-source Firefox extension called Firesheep has shined a spotlight on just how insecure it is to use unprotected WiFi networks. It's widely known that unprotected WiFi networks make sensitive data readily available for anyone with the technical skill necessary to find it, as demonstrated by Google's four-year Street View WiFi data gathering odyssey.