Who Wrote the Mirai Worm
This long article details one security investigator’s endeavor in revealing the real identity of the the Mirai worm: https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
A Little Primer on Bootloaders, Encryption, and Signing
A tweet from #AndroidPolice on Android booloaders and the security mechanism around it came to me through #cyanogen today. While it’s not meant to be comprehensive, I think it does help point developers and modders in the right direction to understanding come fundamental building blocks in information security. The fact that these security circumvention techniques float about on the Net goes to show that although the underlying encryption schemes and ciphers remain intact, hackers have consistently managed to find attack…
Microsoft urges laws to boost trust in the cloud
From CNET: In a speech Wednesday, Microsoft general counsel and senior vice president Brad Smith called on government and business to shore up confidence in cloud computing by tackling issues of privacy and security–two major concerns that have been voiced about the cloud. Full article.
A5/1 Cipher Cracked
German researcher Karsten Nohl has cracked the encryption used for GSM. His team has made information and tools needed to replicate the attack with a somewhat modest set up. The A5/1’s 64-bit encryption key used in GSM is simply too short for the kind of computing power widely available today. Considering that the technology is over 20 years old, however, it’s robustness is still remarkable. Here’s the A5/1 Cracking Project’s website.
Iraqi insurgents hack US drones with $26 software
A report from The Register said that hours of unencrypted surveillance video feeds were intercepted by the Iraqi insurgents. A laptop containing the video feeds were discovered late 2008, but it’s not clear from the report when those feeds were intercepted. Why were those video feeds unencrypted? Granted even the strongest encryption scheme to date isn’t unbreakable, given enough technical know-how, processing power, and time. My guess is that the contractor or subcontractor supplying the camera or the transceiver forgot…
Free Linux Server Backup Using Dropbox
I don’t need to tell you how important data backups are. These days, several online backup services based on cloud computing are available for either free with some limited storage to a affordable monthly fee for unlimited storage. Carbonite, Mozy, Blackblaze, and Dropbox are a few excellent examples. There are advantages and disadvantages of these various services. I use 3 out of the 4 mentioned, depending on the type of data, frequency of changes, , and how often I need…
TLS Vulnerability to MITM Attack
TLS is the underlying technology used by modern browsers and web servers to encrypt data communicated between them. (Since TLS is a transport layer facility, it can be used in any other application layer protocols like SMTP, POP, etc, in addition to HTTP.) While the encryption itself has been regarded as “secure enough” by online banking services (encryption relying on 4096-bit public key as of 2009), among others, there is another type of attack which is independent of the strength…
Department of Defense New Guidance On Open Source Software
The Department of Defense CIO office has released a new guideline which is aimed at easing open source software adoption. Department of Defense CIO David Wennergren’s revised guidance (PDF)