Archive | Cryptography


25 March 2011 | 8,605 views

RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken

About a week ago we tweeted about the “Open Letter” from RSA to customers, a rather vague letter. If you haven’t read it yet, you can do so here. To summarise, they basically said “Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. […] Our investigation also revealed […]

Continue Reading


28 January 2011 | 10,209 views

Happy New Year Geohot – Court Orders Seizure Of PS3 Hacker’s Computers

We published the story about the Playstation 3 (PS3) Finally Hacked & Exploit Released back in January 2010. The exploit of course developed by the very prolific hacker and jailbreaker extraordinaire Geohot. He became notorious way back in 2007 by fulling unlocking the iPhone and then again in 2008 by jailbreaking the iPhone running 1.12 […]

Continue Reading


06 January 2011 | 18,455 views

Researchers Hack Mobile Calls On GSM Network

Gotta love a bit of hardware hacking in the new year, this Karsten Nohl guy has been busy lately – he recently exposed Car Immobilisers Using Weak Encryption Schemes and more relevant to this article we’ve written about him and GSM Hacking Coming To The Masses Script Kiddy Style before. This kind of GSM snooping […]

Continue Reading


23 December 2010 | 13,541 views

Car Immobilisers Using Weak Encryption Schemes

Another case of a certain industry lagging behind, I mean come-on – who seriously still using proprietary cryptography algorithms in 2010? Especially only 40 or 48-bit protocols, with the processing power available on hand now and new techniques like GPU based cracking – that just doesn’t cut it. The latest discovery of such implementations was […]

Continue Reading


12 November 2010 | 8,483 views

PGP Users Locked Out With Latest OS X Update

For the past day or so I’ve been seeing endless people tweeting about how the latest Mac OS X update b0rks your Mac if you are using PGP full disc encryption. It’s a pretty nasty bug, but thankfully it can be recovered from fairly easily. If you are just looking for a quick solution, you […]

Continue Reading


10 November 2010 | 9,754 views

Hotmail Always-On Encryption Breaks Microsoft’s Own Apps

Oh look, Microsoft is late to the party again? They are finally launching full-session SSL encryption to Hotmail a mere 2 years after Google did the same thing for Gmail. It looks like the release of FireSheep really has had an impact on web-application vendors due to the amount of mainstream media coverage it got […]

Continue Reading


13 October 2010 | 8,991 views

Facebook Introduces OTP (One-time Password) Functionality

Nice to see an innovation on the security front for once rather than endless ‘feature’ updates and announcements of ‘the next big thing’. Facebook has had its fair share of security woes so it’s nice to see they are doing something which I think may be genuinely useful for it’s burgeoning user base. A lot […]

Continue Reading


27 July 2010 | 31,637 views

WPA2 Vulnerability Discovered – “Hole 196″ – A Flaw In GTK (Group Temporal Key)

Well as it tends to be, when something is scrutinized for long enough and with enough depth flaws will be uncovered. This time the victim is WPA2 – the strongest protection for your Wi-fi network which is standardized. WEP fell long ago and there’s a myriad of WEP Cracking tools available. In 2008 it was […]

Continue Reading


24 March 2010 | 7,416 views

Website Auto-complete Leaks Data Even Over Encrypted Link

I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echos it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms […]

Continue Reading


05 March 2010 | 10,229 views

Boffins Crack OpenSSL Library Using Power Fluctuations

Now this is a very interesting technique, as far as I know I’ve not seen anything similar to this before. It’s like a rather bizarre meld of hardware hacking and software exploitation using cryptographic algorithm cracking techniques. Some rather smart fellas have found a way to extract the private SSL key from a device by […]

Continue Reading