A recent strain of malware called Cryptolocker (technical description from BleepingComputer
) has been infecting computers across the Internet. It's of the Ransomware (wiki)
genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300 dollars payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security
, and the Malwarebytes Blog
, with more recent developments on Naked Security
posted by codacorolla
on Nov 7, 2013 -
If the NSA is able to break through banks' computer security, does that mean it solved the prime factorization problem?
The New York Times reported
recently that “the agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.” Since banks' encryption codes rely on the fact that nobody knows how to find the prime factors of really large numbers, it could mean that the NSA has found a way to do that. Or it could mean that the NSA has simply gotten lots of banks to give up their information, or found other ways around their encryption. But if they've cracked this long-standing math problem, might the secret leak? What would be the effects?
posted by Sleeper
on Sep 12, 2013 -
application aims to use steganography
to hide samizdat
-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report
on events within the country. Haystack earned its creator Austin Heap
a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines"
of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year
. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens
and criticisms of the media coverage and software continue to mount
, Heap has currently asked users to cease using Haystack
until a security review can be performed.
posted by Blazecock Pileon
on Sep 13, 2010 -
Clear passenger data stolen.
A unencrypted laptop with the personal data, including name, address, SSi number, passport number, date of birth, etc. of every one of the 33,000+ users of the the Clear
system has been stolen. The Clear system allows travelers who register and pay an annual fee to bypass airport security lines by using a smart card in some airports. TSA has suspended new registrations until Verified Identity Pass, Inc.
, a subsidiary of GE, figures out how to install PGP. VIP is the only private contractor allowed to register users to the Clear system. Via
posted by dejah420
on Aug 5, 2008 -
New "Hi - tech" passport cracked.
Standards for the new passports were set by the International Civil Aviation Organisation (ICAO)
in 2003 and adopted by the waiver countries and the US. The UK Home Office has adopted a very high encryption technology called 3DES
- that is, to a military-level data-encryption standard times three. However they used non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.
posted by adamvasco
on Nov 17, 2006 -