Archive for May, 2006

ITsecurityEvents!

31 May

This is a good website that maintains an up-to-date agenda of most information security related events!
I highly recommend that security specialists who are trying to stay in sync with security events around the world pop in to the site regularly…

ITsecurityEvents

——————————————————————————————–

 
 

Dan Brown… You should’ve studied better!

28 May

In my opinion Dan Brown made a big mistake in his best seller novel The Da Vinci Code…

As it appears in The Da Vinci Code:

Da Vinci had been a cryptography pioneer, Sophie knew, although he was seldom given credit. Sophie’s university instructors, while presenting computer encryption methods for securing data, praised modern cryptologists like Zimmerman and Schneier but failed to mention that it was Leonardo who had invented one of the first rudimentary forms of public key encryption centuries ago. Sophie’s grandfather, of course, had been the one to tell her that.

Groovy, groovy.. but seriously.. what is this?!!

First of all, according to the novel Sophie studied information security at Royal Holloway, so the instructors Dan is talking about are Royal Holloway’s instructors… and as a holder of the Royal Holloway ISG MSc with distinction and a current PhD student there, I have to say that according to what is claimed in this paragraph, YES, they failed to teach her that rubbish!! They might have taught her the “real” stuff, as they do in the real world…!

Phil Zimmerman and Bruce Schneier are modern cryptologists?!
Well, as far as I know, Schneier designed the Twofish algorithm; however, he is known more as a writer and information security expert. His main “thing” is writing articles and books; he wrote many good books like (Applied Cryptography) and (Secrets & Lies)…
Whereas Zimmerman is not a cryptologist at all!! He is known as the developer of the eminent software PGP (Pretty Good Privacy), and in that software he used some well-known cryptographic algorithms like Elgamal… Zimmerman did not develop, design or criticise any cryptographic algorithms, and for more information about Zimmerman’s cryptographic capabilities I’d recommend a book named (Crypto) written by Steven Levy…


Leonardo’s cryptex as it appears in the Da Vinci Code movie

“it was Leonardo who had invented one of the first rudimentary forms of public key encryption centuries ago”… If Dan is talking here about Leonardo Da Vinci’s “cryptex” then he must be kidding!!
The cryptex is nothing more than a tamper-proof box secured by an alphabetical puzzle!!
In that box there is a letter. If you dial in the right key, the box opens and you get the letter, and if you try to open the box by force without dialling in the key, vinegar inside the same box will spill on the letter and ruin it.. that is pretty much it!
I can’t see where the public key encryption is in this technique!

Finally, Mr Dan… this is what we studied at Royal Holloway:
Whitfield Diffie and Martin E. Hellman were the first cryptologists to talk about the possibility of designing a cipher system that is built on two keys! And that was in their seminal paper “New Directions in Cryptography”, published in 1976 (press here to get the paper)…
Ron Rivest, Adi Shamir, and Leonard Adleman (RSA) designed the first public key cipher system in 1977…
Taher Elgamal designed another public key cipher system in 1984…

Mr Dan.. since you tried to mention modern cryptologists and failed… and since you know precisely where Royal Holloway is.. I think you should meet Royal Holloway’s Fred Piper.. “The” Fred Piper.. I think he would kindly teach you more about cryptography and cryptologists!!

——————————————————————————————–

 

Kryptos!

27 May



BETWEEN SUBTLE SHADING AND THE ABSENCE OF LIGHT LIES THE NUANCE OF :IQLUSION


IT WAS TOTALLY INVISIBLE HOWS THAT POSSIBLE ? THEY USED THE EARTHS MAGNETIC FIELD X THE INFORMATION WAS GATHERED AND TRANSMITTED UNDERGRUUND TO AN UNKNOWN LOCATION X DOES LANGLEY KNOW ABOUT THIS ? THEY SHOULD ITS BURIED OUT THERE SOMEWHERE X WHO KNOWS THE EXACT LOCATION ? ONLY WW THIS WAS HIS LAST MESSAGE X THIRTY EIGHT DEGREES FIFTY SEVEN MINUTES SIX POINT FIVE SECONDS NORTH SEVENTY SEVEN DEGREES EIGHT MINUTES FORTY FOUR SECONDS WEST X LAYER TWO


SLOWLY DESPARATLY SLOWLY THE REMAINS OF PASSAGE DEBRIS THAT ENCUMBERED THE LOWER PART OF THE DOORWAY WAS REMOVED WITH TREMBLING HANDS I MADE A TINY BREACH IN THE UPPER LEFT HAND CORNER AND THEN WIDENING THE HOLE A LITTLE I INSERTED THE CANDLE AND PEERED IN THE HOT AIR ESCAPING FROM THE CHAMBER CAUSED THE FLAME TO FLICKER BUT PRESENTLY DETAILS OF THE ROOM WITHIN EMERGED FROM THE MIST X CAN YOU SEE ANYTHING Q (?)

WHO KNOWS THE EXACT LOCATION ? ONLY WW …
WW
:)

——————————————————————————————–

 

Mafia’s boss encrypted messages using “Caesar”!!

24 May

It seems that the recently arrested “big boss” of the Mafia used to encrypt his secret messages using the “Caesar” cipher technique!!!
How lame!!

In a world struggling to develop complicated cipher systems, studying the best Hamming weights, building cryptographic oracles, testing the S-boxes…etc, the Mafia’s big boss chose to use Caesar!! Come on!

Not Vigenère, not row transposition, not Playfair, not homophonic, not Morse, not even simple substitution!! …. Caesar!!
The news link

——————————————————————————————–

 
 

Who Owns Your Computer?

24 May

Do you think that just because you bought your computer, you own it!?
Do you have the type of control over your computer that owners usually have over their owned stuff?!
Well, before you go far musing.. I’d like to recommend reading this good article written by Bruce Schneier:
The Article

———————————————————————————————

 

Again… and again… Google!!

23 May

Check this article out..
I do not agree with the article’s fear of the emerging and growing search power of Google; I think if we adopt such a concept then we should not use the internet at all!! However, I find the privacy violation part worth reading ….

The Article

————————————————————————————–

 

Security Absurdity!!

19 May

This is one of the most interesting articles I’ve read lately!
It talks about recent information security failures… why they happen and how to fix them!?
It is indeed a wake up call for the information security community.

The Article

———————————————————————————————

 

Trouble ahead for security industry as Microsoft gets security right !!

16 May

Well, here is an interesting argument I read about lately…
Is it true that: “Trouble ahead for security industry as Microsoft gets security right”?!

Well, I’d agree that Microsoft is approaching the right track in terms of security, and this might be more obvious when the new version, Vista, is officially released… I studied Windows security in depth (Access Control, Memory Management, Password Management, SASs, File Management, …etc) and I’m writing a paper nowadays on MS-InfoCard after months of investigations… and I have to say that YES.. MS PEOPLE ARE DOING FINE!

However, I strongly disagree that “Trouble ahead for security industry as Microsoft gets security right”… There is no perfectly secured system, the security demand list is endless, and there are many business considerations involved (e.g. many of us may have wondered why Windows doesn’t come with a built-in anti-virus!!)..

Windows Vista

The Article

—————————————————————————————–

 

Yes indeed… Chip-and-Pin is NOT unbreakable!

10 May

A sophisticated (yet not clear) fraud attack hit the well-known petrol company “Shell” in the UK… the attack cost Shell £1 million ($1.45 million) and suspended the Chip-and-Pin payment system!!

Shell petrol stations are now taking the customers’ signatures instead of their SC + 4-digit PIN… A Shell spokeswoman told the BBC that the “Shell’s Chip-and-Pin solution is fully accredited and complies with all relevant industry standards.” And while the service was suspended, the company hoped to reintroduce it as soon “as it is possible, following consultation with the terminal manufacturer, card companies and the relevant authorities.”

Such an attack will without doubt shake consumers’ trust in modern Chip-and-Pin payment systems!
I totally agree with Andrew Moloney (senior product manager at RSA Security’s consumer solutions division) as he said:
“The fact that the first breach has occurred so soon after the full implementation in February, shows just how determined and sophisticated today’s fraudsters are”

Press Here

————————————————————————————–

 
 

Four of ten users have only one password… WHAT!!!?

08 May

According to a new survey unveiled at the Infosec Europe 2006 show in London, 41% of users have one password to access all websites and services!!

Despite the fact that this survey hits ordinary password authentication techniques in a deadly spot, it tells me two things:

1- SSO and Identity-Federation should (would?) be the key concepts in the near future.. and maybe the InfoCard scheme that will be deployed with Windows Vista will help push users towards such concepts…

2- “The user is going to pick dancing pigs over security every time” as Bruce Schneier used to say.
The user is going to try hard to put himself in the most “convenient” situation… ordinary passwords are not sufficient any more!! We must consider more seriously other password techniques such as OT-Password, Query-Based-Password, etc..

According to the survey, which relied on the answers of 500 users and was conducted by “Sophos”, only 14% use a different password for every website, and 45% admitted that they had a small handful of different passwords to choose from!!

The Study

—————————————————————————————

 

Homeland Security Audit uncovers “major” Linux flaw

08 May

According to eWeek, a critical flaw has been discovered recently in Linux X-Window by an open-source security audit program funded by the U.S. Department of Homeland Security…
It was caused by a buffer size calculation error within the X Render extension triangle handling code, according to a Secunia advisory…

The flaw could be used to allow local users to execute code with root privileges!!

The company managing the project described the flaw as the “biggest security vulnerability” found in the X Window System code since 2000!!

Press Here

——————————————————————————————

 
 

Some good presentations from the core06 conferences

01 May

I’ve selected some presentations given in the core06 conferences (London, UK / Vancouver, Canada) to share with you…
I hope you find them of interest and enjoyable :)

1. Protecting the Infrastructure
Danny McPherson and Jim DeLeskie – eusecwest/core06 (London, UK)

2. Reverse Engineering Microsoft Binaries
Alexander Sotirov – CanSecWest / core06 (Vancouver, Canada)

3. Carrier VoIP Security
Nicolas Fischbach – CanSecWest / core06 (Vancouver, Canada)

4. How to test an IPS
Renaud Bidou – CanSecWest / core06 (Vancouver, Canada)

Good ones, aren’t they? :)

——————————————————————————————