crypto

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...

WhatsApp mobile messaging app in the firing line again over cryptographic blunder

Popular mobile messaging software WhatsApp is in the firing line again for another security SNAFU.

A Dutch researcher has pointed out that its session encryption breaks a cardinal rule: a one-time pad is supposed to be a *one* time pad!

Android random number flaw implicated in Bitcoin thefts

Bitcoin is in the news again.

Seems that a random number problem on the Android platform is letting crooks get away with cryptographic fraud to make off with other people's BTCs...

Rooting SIM cards - BlackHat speaker says he may be able to "own your phone" with a text message

Mobile security researcher Karsten Nohl says he'll explain at the BlackHat conference how he can remotely "own" mobile phones with a single text message.

Paul Ducklin looks at what Nohl has said so far, and ponders how hard this might be to sort out...

Monday review - the hot 18 stories of the week

Missed any stories in the past seven days?

Here's our weekly roundup, just in case...

AusSHIRT 2013 - the #sophospuzzle instructions in full

The AusCERT 2013 conference has started, so the AusSHIRT 2013 #sophospuzzle is officially live.

See if you can transform the code on the T-shirt and win a prize!

(You don't have to be at the conference to enter.)

IBM takes a big new step in cryptography: practical homomorphic encryption

IBM just released an open source software package called HELib.

HE stands for *homomorphic encryption*, and HELib is an important cryptographic milestone.

Paul Ducklin explains why...

Beware of encryption companies bearing gifts!

An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it.

Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"...

Can freezing an Android device crack its encryption keys?

Will chilling an Android phone to -15°C freeze the encryption keys into memory? And if so, can you use a modified version of Android to dig them out?

German researchers had a crack at it - Paul Ducklin takes a look at how things turned out.

SSCC 102 - Probably the best 15 minute security podcast you'll hear today

Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 102, discussing a range of recent and newsworthy topics from the world of computer security.

Monday review - the hot 27 stories of the week

Just in case you missed any of our stories last week, here's a little recap.

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.

Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.

Do programmers understand the meaning of PRIVATE?

Public-key encryption relies on a pair of cryptographic keys, one public and the other private.

You'd think that programmers would be able to tell which one to keep private and which one to make public, wouldn't you?

Kim Dotcom's coders hacking on Mega's cryptography even as we speak - true "perpetual beta" style

Kim Dotcom's new venture, Mega, wants to shield itself from accusations of failing to take action against piracy.

It does so by using cryptography to make sure it doesn't see, and indeed cannot tell, what you've uploaded. But you have to get the crypto right...

Kim Dotcom takes issue with critics taking issue with his new MEGA service

The party-time news of the past weekend was the launch of Kim Dotcom's comeback file sharing service, Mega.

Crypto critics have already taken issue with some aspects of Mega's implementation, and Dotcom has taken issue right back at them...

Windows passwords: "Dead in Six Hours" - paper from Oslo password hacking conference

The total number of Windows passwords you can construct using eight keyboard characters is vast: one followed by 16 zeros, or near enough.

Gone in six hours.

Plus you get to heat your house at the same time.

Monday review - the hot 23 stories of the week

It's weekly summary time.

Here's everything we've written in the last seven days.

VIDEO: How to solve the Skyfall #sophospuzzle

By popular demand, here is a video showing you how to solve the Skyfall #sophospuzzle.

In James Bond style: recover a stolen file, decrypt it, use it to identify a famous person, find out where he was incarcerated, and geolocate the prison...

Fancy yourself as James Bond? Take on the #sophospuzzle and win a NERF gun...

There's a new #sophospuzzle on the go!

This time, the theme is Skyfall and Bond, James Bond. You'll handle a field message from another agent, decode a data file stolen from M's computer, and unravel a secret location - all in a day's work for the world's best-dressed secret agent.

Sony PS3 hacked "for good" - master keys revealed

Sony's PS3 has been hacked. This time, it looks as though it's been hacked for good.

We explain why this is different from previous hacks, and treat you to the war of words between the original hackers and the pirates who stole their work...