Surveillance and Ubiquity

HexView has an article about tracking vehicles with RFID tire pressure monitors. The devices are found in tires and transmit tire pressure to the engine control module, which sounds innocuous enough, but to prevent modules from reading neighboring cars’ tires by accident, they also transmit a unique ID. Thus, you can follow a car around […]

anonymity, hardware, legal, privacy, risk, society, terrorism

Whole-Disk Encryption Cracked

Early this week, some researchers at Princeton University’s Center for Information Technology Policy released a fascinating video of whole-disk encryption being cracked quite quickly and easily. Whole-disk encryption products — such as PGP Whole Disk Encryption, TrueCrypt System Encryption, and Windows Vista’s BitLocker — work by encrypting the entire hard disk with a symmetric key, […]

attacks, crypto, hardware, mitigations, physical security, products

OS-Based Mitigations Against Common Attacks

In my last post about finding a job in information security, when discussing application security, I off-handedly mentioned several mitigation technologies — GS, DEP, SAL, and ASLR. These are technologies developed by OS vendors to provide system-wide protection against common attacks, and are things every application developer should know about when dealing with native (unmanaged) […]

attacks, hardware, mitigations

Passwords Aren’t Secure; Two-Factor Auth on a Credit Card

A pair of companies called Innovative Card Technologies and eMue Technologies have put out a press release for a one-time-password token embedded in a credit card. Essentially, they embed a smart chip and an LCD display inside a bank card. When you need the password to your account (such as to log into online banking), […]

authentication, hardware, passwords, products

Password Cracking Moves to the GPU

A company called Elcomsoft has just put out a press release promoting the newest version of their Distributed Password Recovery tool, which is now capable of making use of the GPU (graphics processing unit) on modern 3D video cards for breaking password hashes. Password hashes have been weak for quite a while now — as […]

authentication, hardware, passwords, products