Washington Post: Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov. The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker “export-grade” products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year. [more inside]
He was sitting on his bed, surreptitiously surfing the science and math board on 4chan, the notorious underground forum, when he came across a strange image that had appeared on the site three days earlier. It contained a message written in a thin white font against a black background. "Hello," it read. "We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck." It was signed "3301." [more inside]
In 2010, the Colombian army wanted to send a message of hope to soldiers held hostage by FARC guerrillas deep in the jungle. But how to send a message the hostages would recognize, but their captors wouldn't? Morse code, hidden in a pop song.
If your cryptography predates The Fresh Prince, you need better cryptography. With recognition of the need for secure communication standards finally going mainstream, crypto researcher and Johns Hopkins University professor Matthew Green takes a hard look at the de facto standard everyone is jumping on, and suggests that we can and should do a lot better. [more inside]
Someone is leaving what appear to be coded messages in the stacks of Weldon Library at the University of Western Ontario. (via)
While Jacob Appelbaum grabbed headlines with his NSA revelations at this year's Chaos Communication Congress, other presentations provided equally fascinating insight into how the world works. Learn how data mining is bringing perpetrators of genocide to justice (alt), how an artist uses different concepts of secrecy landscapes (alt) to keep tabs on clandestine activities, and how India's surveillance state continues to grow (alt). previously [more inside]
"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." Previous
On January 5th 2012, an image was uploaded to various image boards. It contained two messages. One was obvious & easy to read. In white letters on a black background it said:
Hello. We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck. 3301
As promised there was another message hidden inside the image. It was the start of a bizarre, as yet unexplained chain of complex hidden messages leading those who could solve them on a journey across the Internet and around the world towards a destination none of them could predict with certainty. Is it a highly evolved ARG? Is it a recruitment campaign for the NSA? Welcome to the mystery of Cicada 3301.
The Greatest Crossword Puzzle In The History Of The World is now playable: Adobe Crossword
In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. FreedomWeb, an Irish company known for providing hosting for Tor "hidden services" -- services reached over the Tor anonymized/encrypted network -- has shut down after its owner, Eric Eoin Marques, was arrested over allegations that he had facilitated the spread of child pornography. [more inside]
Enigma breaker Alan Turing will be posthumously pardoned. Turing helped the Allies win WWII by developing the methods that broke the German Enigma code -- which didn't stop Britain from convicting him of gross indecency under anti-homosexuality legislation in 1951 and subjecting him to chemical castration. Two years later, he committed suicide by swallowing cyanide. The British government has now "signalled that it is prepared to support a backbench bill that would pardon Turing."
Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia by R. U. Sirius. [Via]
An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.” [more inside]
Wired tells the story of an old encoded manuscript, the effort to crack it, and the secret occult society that it revealed.
In Which The Irish Invent Twitter, 1984 (via Broadsheet.ie) Back in 1984 on the Late Late Show Gay Byrne shows off a new invention, a machine that allows you to send text over the phonelines. Among the uses to which this invention was put was securely communicating with Nelson Mandela in prison. Although, unfortunately, it didn't work reliably with South African phone lines. [more inside]
Happy 100th birthday, Alan Turing! 2012 is the Alan Turing Year, with celebratory academic events around the world all year. BBC News has a set of (brief) appreciations, including one in which two of Turing's colleagues share memories. Google has an interactive Doodle of a Turing Machine today (that article has some explanation and links to a useful video if the doodle's confusing). [more inside]
TorChat is an instant messaging protocol based upon Tor hidden services, making it perhaps the only instant messaging protocol with any substantive resistance to traffic analysis. [more inside]
LinkedIn has spilled 6.5 million unsalted SHA-1 password hashes. [more inside]
The forthcoming film Anonymous, which posits the Earl of Oxford as the true author of Shakespeare's plays, has scholars bemoaning the immense effort wasted over the years (NYT) pursuing bogus theories of Shakespearean authorship. On the other hand, one of the 20th century's greatest cryptographers got his start searching for secret messages from Francis Bacon in Shakespeare's plays.
Described as 'cryptography's holy grail', Homomorphic Encryption/Computation is a form of encryption where specific algebraic operations on the plaintext translate into different algebraic operations on the ciphertext, allowing the plaintext's owner to 'outsource' computations to untrusted machines. [more inside]
Robert Morris, a pioneer in the field of computer security, early major contributor to the UNIX operating system, and father of Robert Tappan Morris (author of the Morris Worm), has died at 78. NYT [more inside]
Bitcoin is growing up: early adopters lost money due to bad backups; the US Senate wants to crack down due to possible illegal drug purchases with the digital coins; it had its Black Friday, losing 30% of its value in one day (after a 5,600% increase in the first year); the Economist weighs in; and now an alleged heist of 25k bitcoins (original forum post), valued between $250k and $750k on the Mt. Gox exchange. Currently 154 petaflops of CPU and GPUs are computing SHA256 hashes in tight loops, easily beating the #1 on the top500, the Tianhe-1A with 2.56 petaflops. (Previously and more previously)
Bitcoin is a peer-to-peer digital currency. Trading at eight dollars this week—and being used to pay for everything from freelance programming jobs to magic mushrooms—it has been described as “the most dangerous open-source project ever created” and “an unambiguous challenge to the government monopoly on the power to print money.” Estimated at over 20 petaFLOPS the Bitcoin network is currently the fastest virtual supercomputer in the world. [more inside]
On June 30, 1999, sheriff’s officers in St. Louis, Missouri discovered the body of 41-year-old Ricky McCormick. He had been murdered and dumped in a field. The only clues regarding the homicide were two encrypted notes found in the victim’s pants pockets. The FBI is now asking the public to help them solve the murder.
How To Make Anything Signify Anything "By the time he retired from the National Security Agency in 1955, Friedman had served for more than thirty years as his government’s chief cryptographer, and—as leader of the team that broke the Japanese PURPLE code in World War II, co-inventor of the US Army’s best cipher machine, author of the papers that gave the field its mathematical foundations, and coiner of the very term cryptanalysis—he had arguably become the most important code-breaker in modern history."
"Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break."
The CIA is watching him. He's been addressed directly by powerful people all across the United States government. And earlier today on his website and across the internet, the same man has placed a 1.4 gigabyte encrypted file labeled "insurance."
XKCD author Randall Munroe appears to have left a neat little cryptographic puzzle for Reddit users in his new book. They're trying to decipher it.
Thomas Jefferson's cipher message from Robert Patterson For more than 200 years, buried deep within Thomas Jefferson's correspondence and papers, there lay a mysterious cipher -- a coded message that appears to have remained unsolved. Until now.... To Mr. Patterson's view, a perfect code had four properties: It should be adaptable to all languages; it should be simple to learn and memorize; it should be easy to write and to read; and most important of all, "it should be absolutely inscrutable to all unacquainted with the particular key or secret for decyphering." [more inside]
In March 2007, the FermiLab Office of Public Affairs in Batavia, IL "received a curious message in code" via USPS. In May 2008, scientists posted a facsimile image of the letter to their blog in the hopes of soliciting cryptologists to decipher the letter. [more inside]
Find a short wave radio and before long you should be able to tune into The Lincolnshire Poacher - the station plays an introduction comprising part of the eponymous folk tune followed by a robotic female voice reading strings of numbers: listen! So called Numbers Stations have been a mysterious constant of short wave radio for several decades. The Conet Project [previously 1, 2, 3] has made a collection of the recordings available allowing you to listen to "Ready! Ready! 15728", "The Buzzer" (especially mysterious), "Gong Station Chimes", "Magnetic Fields" and many others.... [more inside]
On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes. [more inside]
If you work at Langley and you need a break from actual intelligence gathering, you can always try to crack the code to the sculpture right outside the cafeteria window. Kryptos is a sculpture by James Sanborn located on the CIA grounds which contains a four-part coded message: sections 1-3 have been solved (with Sanborn admitting he made a typo in section 2). Perhaps you'd like to join Elonka (and the hive mind) in having a go at section 4.
"Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes."
Project Evil - Number stations appear on VoIP and it just seems very mysterious. Slashdot picks up the story. Now all is revealed.
Secret agent Huub Lauwers was parachuted into occupied Holland in 1941 to relay intelligence back to London. His capture by the Germans marked the beginning of the Englandspiel, a deadly game of cat-and-mouse intelligence that cost the lives of over fifty agents. Lauwers frantically tried to inform the SOE that he had been caught, but the Baker Street Irregulars just didn't get it. Or did they? [more inside]
A previously unbroken Enigma code has been solved by a group of hackers. After just over a month of effort, the M4 group, using distributed computing, cracked a 60 year-old German naval code. The message: "Forced to submerge during attack." There are lots of other interesting historical codes that still remain mysteries, however. Lots of Enigma goodness in an earlier post.
Linda Rayburn and her son Michael Berry were brutally murdered by her husband, David Rayburn, on February 3rd, 2004. Rayburn then hanged himself in the basement of their home, leaving behind a handwritten cryptogram.
Plgjoekz xh jiw lwe zqsd meecebefi aqxaxgw xb pzchiottazlq (pbq kvqetnpavckxg) fqrut fegqeifrm nvednsvu ix xzt 9hu kifiuea, efijn dnzx gu tug Vskwcsem gaehrt ic qahogbvaquggd. Lpsxgr li Nxgrpebi vxr awx acvrpt dlw rwcpij (we qgvopgesq i wlgoaieb tgamnttzpbrvim gaevrz), Kadvnp Bkxahhn Jidpsb jan hgcs fw gwcthtiow wpfyqij, xn 1553. Oglkwg'h wzxpwbeavadmgc vnzrwhsrf tri hdkrz sx ihr valydp frkxs ihnv wkw kfinvhwgeq dy dlw dpiqsmh kra pbsygsfamgc os vhyww ivnb gsbe ogfyvw wwz, irv uoe vho jaggg bmet ia uefif wialvws yrcrc, ef jboziszaone msvt qbcpv qe huen. Gzpfymw Tpbocgo wmrqrawxjlya cbeuzsq Dmytnrte psj ivr Jvaiifj devacu gpi Ugizgax Asg, phb ml laf mezx ktqemx mctvn Fbmwsfvkl Cpsvpsum jtjripws hvu moxzdr n liupdr nadij, xb 1863. Gpi hdllclzlsqsgqg uxpugrc, wmrv na xzxs bpe, biepwa wrw df gje veki qblik qrrckkfdt pl i psnprtsyr oxhuwyl p cbopexwg.
The Reader of Gentlemen's Mail In the spring of 1919, when the father of American cryptography, Herbert O. Yardley, drew up a plan for a permanent State Department codebreaking organization — a "black chamber" — he estimated that a modest $100,000 a year would buy a chief (Yardley) and fifty clerks and cryptanalysts. Yardley rented a three-story building in New York City: on East 38th Street just off Fifth Avenue, he put two dozen people to work under civilian cover—as the Code Compiling Company. His summary dismissal happened in 1929 at the hand of incoming Secretary of State Henry Stimson, who closed down the Cipher Bureau with the casual observation that "gentlemen do not read each other's mail". The son of a railroad telegrapher, a man with a lively Jazz Age interest in money, good-looking women, and drinks at five, Yardley not only taught his country how to read other people's mail but wrote two of the enduring American books—the memoir The American Black Chamber (1931), and The Education of a Poker Player (1957).
Learn to Safecrack! [pdf] Last year, computer scientist and cryptologist Matt Blaze drew ire from the locksmithing community for publicly revealing information on how to create the master key to a lock (previous MetaFilter discussion). He's back with a paper on cracking safes. Once again, locksmiths are up in arms over Blaze's disregard of trade secrets. Apparently, safes adhere to the principle of security through obscurity rather than Kerckhoffs's Law. [via]
Rongorongo! Say it twice -- don't it feel nice? Most people think of the enigmatic moai when they think of Easter Island but an equally vexing mystery is found in twenty-six wooden objects which contain pictographic symbols comprising...what? A language? A mnemonic system for recording stories now long forgotten? A resource for modern primitives' tribal tattoos? We could ask, but the authors are long-gone -- the victims of hard times -- leaving only a few tablets and a bunch of carved stone to puzzle over.
26 year old student finds largest known prime number. The number is 6,320,430 digits long and would need 1,400 to 1,500 pages to write out. It is more than 2 million digits larger than the previous largest known prime number. Why? What use is it? How can knowing the next highest prime number be of any benefit?
One word: Cryptography.
Prime numbers are essential in producing keys for cryptography.