Archive | Cryptography


23 December 2010 | 13,530 views

Car Immobilisers Using Weak Encryption Schemes

Another case of a certain industry lagging behind, I mean come-on – who seriously still using proprietary cryptography algorithms in 2010? Especially only 40 or 48-bit protocols, with the processing power available on hand now and new techniques like GPU based cracking – that just doesn’t cut it. The latest discovery of such implementations was [...]

Continue Reading


12 November 2010 | 8,476 views

PGP Users Locked Out With Latest OS X Update

For the past day or so I’ve been seeing endless people tweeting about how the latest Mac OS X update b0rks your Mac if you are using PGP full disc encryption. It’s a pretty nasty bug, but thankfully it can be recovered from fairly easily. If you are just looking for a quick solution, you [...]

Continue Reading


10 November 2010 | 9,752 views

Hotmail Always-On Encryption Breaks Microsoft’s Own Apps

Oh look, Microsoft is late to the party again? They are finally launching full-session SSL encryption to Hotmail a mere 2 years after Google did the same thing for Gmail. It looks like the release of FireSheep really has had an impact on web-application vendors due to the amount of mainstream media coverage it got [...]

Continue Reading


13 October 2010 | 8,980 views

Facebook Introduces OTP (One-time Password) Functionality

Nice to see an innovation on the security front for once rather than endless ‘feature’ updates and announcements of ‘the next big thing’. Facebook has had its fair share of security woes so it’s nice to see they are doing something which I think may be genuinely useful for it’s burgeoning user base. A lot [...]

Continue Reading


27 July 2010 | 31,478 views

WPA2 Vulnerability Discovered – “Hole 196″ – A Flaw In GTK (Group Temporal Key)

Well as it tends to be, when something is scrutinized for long enough and with enough depth flaws will be uncovered. This time the victim is WPA2 – the strongest protection for your Wi-fi network which is standardized. WEP fell long ago and there’s a myriad of WEP Cracking tools available. In 2008 it was [...]

Continue Reading


24 March 2010 | 7,410 views

Website Auto-complete Leaks Data Even Over Encrypted Link

I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echos it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms [...]

Continue Reading


05 March 2010 | 10,226 views

Boffins Crack OpenSSL Library Using Power Fluctuations

Now this is a very interesting technique, as far as I know I’ve not seen anything similar to this before. It’s like a rather bizarre meld of hardware hacking and software exploitation using cryptographic algorithm cracking techniques. Some rather smart fellas have found a way to extract the private SSL key from a device by [...]

Continue Reading


12 May 2009 | 4,723 views

Ensuring Data Security During Hardware Disposal

After our recent story about the trading of BlackBerries for data theft the issue has emerged again this time more towards the secure disposal of data stored on PC hard disks. If a company or organisation has a decent data/information security policy in place (Like ISO27001 for example) they should have a secure destruction/disposal policy [...]

Continue Reading


08 May 2009 | 10,671 views

Explosion Of BlackBerry Trading In Nigeria – Data Theft

The number of Crackberry Blackberry users is increasing exponentially – especially since they released the much sexier Bold and the latest touch-screen Storm. The latest revelation is that used BlackBerries are being traded, not by the value of the phone but by the value of the data contained on the phone! It just shows most [...]

Continue Reading


05 December 2008 | 46,843 views

The World’s Fastest MD5 Cracker – BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here. Changes in 0.8 Added checks for errors when calling CUDA kernel. [...]

Continue Reading