On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
posted by finite on May 16, 2008 - 81 comments

This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes. [more inside]
posted by Anything on Dec 4, 2007 - 27 comments

Fun with Fingerprint Readers. A Japanese cryptoanalyst recently found that he could reliably fool biometric fingerprint scanners using only gelatin like that found in gummy bears. Not only could he create a fake finger using the original, he was also successful in fooling the scanners based on a gelatin mold of a fingerprint lifted from a piece of glass.
posted by kaefer on May 15, 2002 - 9 comments

How to Think About Security from Bruce Schneier's Cryptogram. It's a brief discussion with a five point filter to use when evaluating security measures. Good food for thought and best of all, he echos many things I've already spouted off about airport security...
posted by shagoth on Apr 16, 2002 - 2 comments