crypto

BlackHat 2009, Day 1

The annual Vegas security conference is upon us again, and there have been plenty of interesting presentations. Last year, it felt like WiFi was the “theme” of the year — this year, the most interesting (and well-attended) briefings were on SSL and mobile devices. The Wednesday keynote was presented by Douglas Merrill, the COO of [...]

attacks, crypto, industry, passwords, risk

DefCon 16, Day 1

Having finished up with the BlackHat briefings, it was time to go on to DefCon. While many of the speakers from BlackHat stay on for DefCon, there are also a lot of DefCon-only presentations, usually with a more attack-oriented focus (in keeping with DefCon’s nature as a hacker convention rather than a security conference like BlackHat). [...]

anonymity, attacks, crypto, networks, physical security

Ubuntu/Debian CRNG Cracked – SSH Vulnerable

I don’t usually post about newly-discovered vulnerabilities, simply because there are so many of them — a dozen come out every day, especially in web applications.  However, this one has further-reaching consequences.  Security researcher HD Moore (of Metasploit fame) has discovered a vulnerability in the OpenSSL cryptographic random number generator used by Debian Linux, the [...]

attacks, authentication, crypto, passwords

Data Hiding at the Airport

According to the EFF blog, customs has taken to randomly searching electronic devices for suspicious data.  It is somewhat mysterious what they are searching them for — given only a few minutes and a technically unskilled border guard doing the searching, it’s hard to imagine them actually finding anything better hidden than a file on [...]

attacks, crypto, legal, privacy, products, terrorism

Whole-Disk Encryption Cracked

Early this week, some researchers at Princeton University’s Center for Information Technology Policy released a fascinating video of whole-disk encryption being cracked quite quickly and easily. Whole-disk encryption products — such as PGP Whole Disk Encryption, TrueCrypt System Encryption, and Windows Vista’s BitLocker — work by encrypting the entire hard disk with a symmetric key, [...]

attacks, crypto, hardware, mitigations, physical security, products