Updated: 2010-01-29 16:43:50
Recently, Imperva released a study (pdf) of the passwords extracted from the December 2009 RockYou security breach that resulted in the compromise of over 32 million user accounts. This study examined some statistics of the passwords retrieved, including the number and variation of characters used to construct them. The results were pretty bad. Here are [...]
Updated: 2010-01-26 15:18:18
Tor partially blocked in China | The Tor Blog
That last article led me to this post on the Tor blog from September 15, 2009 (I am a bit late to this party). China is now blocking about 80% of the public Tor nodes.
This mostly ends a rather baffling situation where for some reason the Chinese [...]
Updated: 2010-01-26 15:13:41
Privacy Network Tor Suffers Breach | Privacy Digest
It has been reported, and the Tor folks have confirmed, that two of their core directory servers were recently compromised along with another server showing usage metrics. While it does not at first appear that the attack was aimed at compromising the Tor network, it would certainly have [...]
Updated: 2010-01-17 00:07:14
In a very broad sense, cryptography is all about controlled access to information. Now, with something that vague you will be justified in asking “what do you mean by access?” and “what kind of control?” and indeed, “what is information?” We’ll get more specific shortly, but continuing cryptosophically, there are at least two parts to [...]
Updated: 2010-01-13 03:49:23
In the struggle between cyber attackers and cyber defenders, many tools have been built to create a strategic advantage or to gather intelligence. One category of software has the benefit of being both. Honeypots are a combination of software and hardware that emulate a target computer system or service for the purpose of attracting attackers [...]
Updated: 2010-01-07 15:15:09
by Rajiv Andrade, Linux Technology Center
Since the foundation of the Trusted Computing Group, previously named Trusted Computing Platform Alliance, the pillars required to win most of today’s security challenges have been heavily developed.
The Trusted Platform Module and the Trusted Software Stack are two of these. Now that we have in our hands the required enablement, the next expected step [...]
Updated: 2010-01-05 15:41:16
NIST-certified USB Flash drives with hardware encryption cracked - The H Security: News and Features
Security firm SySS announced (in German) that it has discovered a massive vulnerability in the hardware encryption for USB thumb drives by Kingston, SanDisk and Verbatim. From the article at The H Security it looks like the problem is that all [...]
Updated: 2009-12-22 22:24:23
By Bryan Jacobson, Linux Technology Center.
While virtualization offers many benefits, there can also be increased security risks. For example, consider a system running two hundred virtual images. All two hundred images are at risk if a flaw in the hypervisor (or configuration) allows any virtual guest to “break out” into the host environment [...]
Updated: 2009-12-18 23:29:31
Steve Hanna has written an excellent cloud security overview article, A Security Analysis of Cloud Computing, which talks about how trusted computing can help solve some of the cloud security problems.
Privacy concerns for the ages, is anonymity sufficient?
Facebook and Google: Contrasts in Privacy
Is privacy an illusion or a social contract?
Blakley’s blog post [...]
Updated: 2009-12-11 22:16:58
Here are seven links that are worth the time that it takes to read them if you are interested in systems security.
The Evil Maid attacks again:
ITPro article: Researchers break into Windows encryption feature,
the original research behind the attack,
article about Microsoft’s response.
Two Trusted Computing articles:
“openSUSE is now the first operating system to offer full [...]