"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." Previous
In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network has been compromised, including the e-mail counterpart of TOR deep web, TORmail. FreedomWeb, an Irish company known for providing hosting for Tor "hidden services" -- services reached over the Tor anonymized/encrypted network -- has shut down after its owner, Eric Eoin Marques, was arrested over allegations that he had facilitated the spread of child pornography. [more inside]
Robert Morris, a pioneer in the field of computer security, early major contributor to the UNIX operating system, and father of Robert Tappan Morris (author of the Morris Worm), has died at 78. NYT [more inside]
On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes. [more inside]
Fun with Fingerprint Readers. A Japanese cryptoanalyst recently found that he could reliably fool biometric fingerprint scanners using only gelatin like that found in gummy bears. Not only could he create a fake finger using the original, he was also successful in fooling the scanners based on a gelatin mold of a fingerprint lifted from a piece of glass.
How to Think About Security from Bruce Schneier's Cryptogram. It's a brief discussion with a five point filter to use when evaluating security measures. Good food for thought and best of all, he echos many things I've already spouted off about airport security...