Category: security

How to manage disk encryption passphrases and key slots

Disk encryption is one method you may use to enhance the physical security rating of your computer. From my experience, it is rarely used, which is a shame because it is one of the most effective safeguards against unauthorized physical access to data stored on a computer. Disk encryption, which can be full disk, or per partition, may be configured […]

What we can learn from Jason Chen’s experience

Not too long ago, Jason Chen, a Gizmodo editor, had all the computer related materials in his residence seized by cops acting on a warrant in relation to Apple’s missing iPhone 4G prototype. If you recall, Jason Chen got hold of the pre-release iPhone from a guy who found it in a California bar. So Jason blogged about it (the […]

3 Problems Cloud Security Certification Can Solve

What if there were widely accepted standards for cloud security and, better yet, a universally recognized designation for “trusted” cloud providers? The basic promise of cloud computing is undeniably appealing: Increase efficiency and reduce cost by taking advantage of flexibly pooled computing resources managed by somebody else. Indeed, as Bill Brenner of CSO put it, “Given how expensive it is […]

Improved Online Security for a Tenth of the Cost

Computer scientists at the University of Hertfordshire have found a way to share information online securely for a fraction of the cost of existing systems. Professors Bruce Christianson and Alex Shafarenko at the University’s School of Computer Science, working in collaboration with Professor Sergei Turitsyn at the University of Aston, have been awarded a UK patent for a fibre optics […]

How to Stop Distant Attacks on RFID Chips

The limited power and processing ability of RFID chips makes them vulnerable to attackers operating at a distance. A new protocol could tackle this problem. One drawback with RFID chips is their inability to know the distance of any device that is interrogating them. That allows a malicious user to attack from a distance, more or less at leisure and […]

Traffic Mining Firewall Logs Could Improve Network Security

A firewall is the safety barrier between a computer network and the outside world. Individuals, companies and large organizations alike rely on a firewall being robust enough to fend off hackers attempting to break into a computer system. However, managing the firewall rules that decide between online friend and foe has proved to be complex, error-prone, expensive, and inefficient for […]

In Networks We Trust

European researchers are proposing a paradigm-shifting solution to trusted computing that offers better security and authentication with none of the drawbacks that exist in the current state of the art. Trusted computing (TC) is a hot topic in computer science. Major software and hardware providers are planning to include TC components in the next generation of computers, and the US […]

Removing the RSA Security 1024 V3 Root

There’s been confusion today about the work we’re doing on our root store, the set of trusted certificate authorities shipped with Mozilla products. The short story is this: we’re removing the “RSA Security 1024 V3” root from that list. Its owners have confirmed that it is not in use, and not covered by current audits. We regularly check for roots […]

How Android Security Stacks Up

Today’s smart phones have all the speed, storage, and network connectivity of desktop computers from a few years ago. Because of this, they’re a treasure trove of personal information–and likely the next battleground for computer security. What makes smart phones attractive–the ability to customize them by downloading applications–is what makes them dangerous. Apps make the mobile phone a real computer, […]

A Comfortable and Secure Login Method

As most Internet users know, it is often hard to remember or keep apart all the passwords and login names for one’s different online accounts. Dr. Bernd Borchert, together with students at the Computer Science Department of Tübingen University, has tackled this issue. They developed a new method that saves the users not only the trouble of memorizing the passwords […]

A Portable Security Risk

More and more employees are bringing personal mobile devices, such as media players, flash drives and smart phones, to work for entertainment, communications and other purposes. Equally, many employers issue their staff with such devices to allow them to be more mobile and to run business applications as part of their job. This explosion of personal devices with built in […]

Soft Spots in Hardened Software

Over the past decade, Microsoft, the target of choice for many online attackers, has hardened its operating system, adopting technologies designed to make it harder for attackers to find and exploit vulnerabilities. Apple and many other software makers have followed suit, introducing similar additional security measures to their operating systems. Yet last week, during the “Pwn2Own contest” at CanSecWest, a […]

Governments May Fake SSL Certificates

Today two computer security researchers, Christopher Soghoian and Sid Stamm, released a draft of a forthcoming research paper in which they present evidence that certificate authorities (CAs) may be cooperating with government agencies to help them spy undetected on “secure” encrypted communications. (EFF sometimes advises Soghoian on responsible disclosure issues, including for this paper.) More details and reporting are available […]

Scientist Invents a Digital Security Tool Good Enough for the CIA — And for You

A British computer hacker equipped with a “Dummies” guide recently tapped into the Pentagon. As hackers get smarter, computers get more powerful and national security is put at risk. The same goes for your own personal and financial information transmitted by phone, on the Internet or through bank machines. Now a new invention developed by Dr. Jacob Scheuer of Tel […]

Blue Skies Thinking for Cloud Security?

As cloud computing moves data and services from local systems to remote centres, the question of security for organisations must be addressed. A research paper published in the International Journal of Services and Standards suggests that a cloud-free security model is the best way forward and will circumvent the fact that cloud service providers are not yet meeting regulations and […]

Software sniffs out criminals by the shape of their nose

Forget iris and fingerprint scans — scanning noses could be a quicker and easier way to verify a person’s identity, according to scientists at the University of Bath. With worries about illegal immigration and identity theft, authorities are increasingly looking to using an individual’s physical characteristics, known as biometrics, to confirm their identity.

File-Sharing Software Potential Threat to Health Privacy

The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing software, according to a research study published online in the Journal of the American Medical Informatics Association. Healthcare professionals who take patient information home to personal computers containing peer-to-peer file-sharing software are jeopardizing patient confidentiality, note the authors of […]

New Security Threat Against ‘Smart Phone’ Users

Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences. The researchers, who are presenting their findings at a mobile computing workshop this week in Maryland, demonstrated how such a software attack could cause a smart phone […]

Malicious Software: Hiding the Honeypots

Armies of networked computers that have been compromised by malicious software are commonly known as Botnets. Such Botnets are usually used to carry out fraudulent and criminal activity on the Internet. Now, writing in the International Journal of Information and Computer Security, US computer scientists reveal that the honeypot traps designed to protect computers from Botnets are now vulnerable to […]
