Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Monday, April 21, 2008

Wednesday, February 27, 2008

Cambridge Breaks Chip and PIN (Debit card) terminals

[R]esearchers at the University of Cambridge, have shown how to compromise supposedly tamper-proof Chip and PIN terminals. With a paperclip, off the shelf electronics, and basic technical skills, fraudsters can capture card details and PINs, then create counterfeit cards. The full results of the team are published their academic paper and were featured on BBC Newsnight (Google Video).

[hat tip: Cory Doctorow]

Friday, February 22, 2008

Disk encryption not so safe - New results from Princeton

Quoting from the Princeton research site,

Abstract Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. (K: This is a general hardware issue with the DRAM chip that is not going to be easy to solve, I think.)

[via Boing Boing]

Thursday, February 7, 2008

Security Links: 2008-02-07

  1. Cloned Trucks - Criminals are using cloned FedEx, Wal-Mart, etc trucks to bypass security.
  2. VoIP Threats - Threats in using Voice over IP
  3. NSA Monitoring U.S. Government Internet Traffic