Researcher busts into Twitter via SSL reneg hole

Saturday, November 14th, 2009

A Swiss grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. ...

Scramble on to fix flaw in SSL security protocol

Thursday, November 5th, 2009

Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet. The flaw lies in the SSL protocol, best known as the technology used for secure browsing on Web sites beginning with HTTPS, and lets attackers intercept secure SSL ...

Evil Maid goes after TrueCrypt!

Friday, October 16th, 2009

Let’s quickly recap the Evil Maid Attack. The scenario we consider is when somebody has left an encrypted laptop, e.g. in a hotel room. Let’s assume the laptop uses full disk encryption, such as that provided by TrueCrypt or PGP Whole Disk Encryption. Many people believe, including some well-known security experts, ...

Carbonite Can Decrypt Your Data

Friday, October 2nd, 2009

Yes, your data is encrypted before it gets sent up to their servers for storage (via an SSL connection), but Carbonite keeps a copy of the decryption key on their servers in case they need to decrypt it for various reasons.  It's stated in their Privacy Policy so it's not ...

A Stick Figure Guide to the Advanced Encryption Standard (AES)

Tuesday, September 22nd, 2009

Here is another awesome blog post from Jeff Moser over at Moserware.  It's literally a stick figure guide to AES.  A must-read.  Even if you don't quite understand it. http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html