hardware

OS-Based Mitigations Against Common Attacks

In my last post about finding a job in information security, when discussing application security, I off-handedly mentioned several mitigation technologies — GS, DEP, SAL, and ASLR. These are technologies developed by OS vendors to provide system-wide protection against common attacks, and are things every application developer should know about when dealing with native (unmanaged) [...]

attacks, hardware, mitigations

Passwords Aren’t Secure; Two-Factor Auth on a Credit Card

A pair of companies called Innovative Card Technologies and eMue Technologies have put out a press release for a one-time-password token embedded in a credit card. Essentially, they embed a smart chip and an LCD display inside a bank card. When you need the password to your account (such as to log into online banking), [...]

authentication, hardware, passwords, products

Password Cracking Moves to the GPU

A company called Elcomsoft has just put out a press release promoting the newest version of their Distributed Password Recovery tool, which is now capable of making use of the GPU (graphics processing unit) on modern 3D video cards for breaking password hashes. Password hashes have been weak for quite a while now — as [...]

authentication, hardware, passwords, products

SCADA Hacking Renders Vital Infrastructure Vulnerable

Forbes.com recently had an article called “America’s Hackable Backbone” regarding the recent surge in SCADA hacking. SCADA, Supervisory Control And Data Acquisition, is a truly ancient protocol, in use for over 20 years, which was not remotely designed with security in mind. At the time, SCADA was used only on dedicated networks that lacked any [...]

SOA/XML, hardware, risk, terrorism

Steal Cars Electronically

At Crypto 2007 in August, Eli Biham, et al. presented a paper called “How to Steal Cars,” describing how they have bypassed the KeeLoq remote keyless entry system — the system used in the majority of the remote keyless entry key fobs. These systems are supposed to be secure — they use a 32-bit block [...]

attacks, crypto, hardware, physical security