This is a good website that maintains an up to date agenda of most of the information security related events!
I highly recommend the security specialists who are trying to be in-sync with the security events around the world to pop in the site regularly…
——————————————————————————————–
In my opinion Dan Brown made a big mistake in his best seller novel The Da Vinci Code…
Came in the Da Vinci Code:
“Da Vinci had been a cryptography pioneer. Sophie knew, although he was seldom given credit. Sophie’s university instructors, while presenting computer encryption methods for securing data, praised modern cryptologists like Zimmerman and Schneier but failed to mention that it was Leonardo who had invented one of the first rudimentary forms of public key encryption centuries ago. Sophie’s grandfather, of course, had been the one to tell her that.“
Groovey, groovey.. but seriously.. what is this?!!
First of all, according to the novel Sophie studied information security at Royal Holloway, so the instructors Dan is talking about are the Royal Holloway’s instructors… and as a Royal Holloway’s ISG MSc holder with distinction and current PhD student there, I have to say that according to what is claimed in this paragraph YES they failed teaching her that rubbish!! they might taught her the “real” stuff as they do in the real world…!
Phil Zimmerman and Bruce Schneier are modern cryptologists?!
Well as far as I know, Schneier designed the twofish algorithm, however he is known more as a writer and information security expert, his main “thing” is writing articles and books, he wrote many good books like (Applied Cryptography) and (Secrets & Lies)…
Whereas Zimmerman is not a cryptologist at all!! he is known as the developer of the eminent software PGP (Pretty Good Privacy), and in that software he used some well-known cryptographic algorithms like Elgamal… Zimmerman did not develop, design nor criticise any cryptographic algorithms, and for more information about Zimmerman cryptographic capabilities I’d recommend a book named (Crypto) written by Steven Levy…
The Leonardo’s cryptex as come in the Da Vinci Code movie
“it was Leonardo who had invented one of the first rudimentary forms of public key encryption centuries ago”… If Dan is talking here about the Leonardo Da Vinci’s “cryptex” then he must be kidding!!
Cryptex is nothing more than tamper-proof box secured by an alphabetical buzzell!!
in that box there is a letter, if you scroll the right key the box will be opened and you get the letter, and if you try to open the box by force without scrolling the key, a vinegar inside the same box will split on the letter and ruin it.. that is pretty much it!
I can’t see where is the public key encryption in this technique!
Finally, Mr Dan… this is what we studied at Royal Holloway:
Whitfield Diffie and Martin E. Hellman are the first cryptologists talking about the possibility of designing a cipher system that is built on two keys! and that was in their seminal paper “New Directions in Cryptography” published is 1976 (press here to get the paper)…
Ron Rivest, Adi Shamir, and Leonard Adleman (RSA) designed the first public key cipher system in 1977…
Taher Elgamal designed another public key cipher system in 1984…
Mr Dan.. since you tried to mention modern cryptologisits and failed… and since you know precisely where Royal Holloway is.. I think you should meet the Royal Holloway’s Fred Piper.. “The” Fred Piper.. I think he would kindly teach you more about cryptography and cryptologists!!
——————————————————————————————–
أعتقد أن أي متخصص في علوم أمن المعلومات لا سيما المتخصصين في علم التشفير سيعجب كثيرا بهذه المنحوتة الجميلة (كريبتوس) .. سأحاول أن أتكلم عنها بشكل مختصر
هذه المنحوتة هي من تصميم النحات الأمريكي (جيمس سانبورن) و هي تقبع في الدور الأرضي لوكالة الإستخبارات المركزية الأمريكية في ولاية فرجينيا منذ العام 1990م حين تم اهداؤها للوكالة .. و هي مصنوعة من الغرانيت الأحمر و الكوارتز و الخشب و النحاس و مواد أخرى
و هي كلمة يونانية تعني إخفاء kryptos سميت بـ (كريبتوس) و بهذه التهجئة
و قد أخذت المنحوته شكل شريط ملتف لترمز لعملية تجميع المعلومات
تحمل هذه المنحوته أربعة نصوص مشفرة غامضة … فهي مقسومة إلى نصفين.. النصف الأول يحمل النصوص الأربع المشفرة وهي عبارة عن 865 حرف .. أما النصف الثاني فيحمل الجدول الكامل الذي يستخدم في نظام التشفير (فيجنير) القديم في رمز جميل لعلوم التشفير
النصوص الأربعة المشفرة تم تشفير كل واحدة منها بإستخدام نظام تشفير مختلف .. و قد قام بمهمة إختيار النصوص و تشفيرها السيد (إد شيدت) الذي كان وقتها يرأس قسم التشفير في الوكالة .. السيد إد يقول أن هناك سر غامض في المنحوته لا يمكن معرفته إلا في حال تم فك شفرة جميع النصوص الأربعه … و كان السيد إد قد صرح في العام 1990م أنه أخبر السيد (وليام ويبستر) مدير الوكالة آنذاك بمحتوى النصوص الأربعه .. إلا أنه عاد و أنكر ذلك في العام 2005 في إحدى المقابلات
النصوص الأربعة في المنحوته حيرت الجميع .. و قد إنبرى لها العديد من الخبراء الكبار في علم التشفير محاولين سبر أغوارها و اكتشاف محتواها .. حتى ان وكالة الأمن القومي الأمريكية أعلنت أنها حاولت فك شفرات هذه النصوص
و كان الجميع يعتقد أن السر الغامض سيكشف قريبا بعد أن تم فك شفرة النصوص الثلاث الأولى و لم يتبقى سوى نص واحد .. إلا الآمال تبددت قبل شهر واحد تقريبا حين قامت (جمعية كريبتوس) و هي جميعة تهتم بشؤون هذه المنحوته.. قامت بالإعلان أن هناك خطأ في إحدى الكلمات المشفرة في النص الثاني مما قد يؤثر على المجهودات التي تبذل لفك شفرة النص الرابع و الأخير
و لكي تزداد الإثارة .. فقد ثبت أن الغلاف الخلفي للرواية الشهيرة (شفرة دافنشي) في طبعتها الانجليزية يحوي مقتطفات من محتوى النص الثاني و بعض الحروف المشفرة من كريبتوس
عموما هذا هو حل النصوص الثلاثة التي فكت شفرتها حتى الآن
النص لأول
BETWEEN SUBTLE SHADING AND THE ABSENCE OF LIGHT LIES THE NUANCE OF :IQLUSION
النص الثاني
IT WAS TOTALLY INVISIBLE HOWS THAT POSSIBLE ? THEY USED THE EARTHS MAGNETIC FIELD X THE INFORMATION WAS GATHERED AND TRANSMITTED UNDERGRUUND TO AN UNKNOWN LOCATION X DOES LANGLEY KNOW ABOUT THIS ? THEY SHOULD ITS BURIED OUT THERE SOMEWHERE X WHO KNOWS THE EXACT LOCATION ? ONLY WW THIS WAS HIS LAST MESSAGE X THIRTY EIGHT DEGREES FIFTY SEVEN MINUTES SIX POINT FIVE SECONDS NORTH SEVENTY SEVEN DEGREES EIGHT MINUTES FORTY FOUR SECONDS WEST X LAYER TWO
النص الثالث
SLOWLY DESPARATLY SLOWLY THE REMAINS OF PASSAGE DEBRIS THAT ENCUMBERED THE LOWER PART OF THE DOORWAY WAS REMOVED WITH TREMBLING HANDS I MADE A TINY BREACH IN THE UPPER LEFT HAND CORNER AND THEN WIDENING THE HOLE A LITTLE I INSERTED THE CANDLE AND PEERED IN THE HOT AIR ESCAPING FROM THE CHAMBER CAUSED THE FLAME TO FLICKER BUT PRESENTLY DETAILS OF THE ROOM WITHIN EMERGED FROM THE MIST X CAN YOU SEE ANYTHING Q (?)
!كريبتوس كانت و مازالت مصدر إلهام للعاملين في وكالة الاستخبارات المركزية .. و حقيقة أعجبتني الفكرة و المضمون.. و يبدو أني أصبت بحمى كريبتوس التي لم يسلم من حبها كل المهتمين بأمن المعلومات
بالمناسبة.. و رد في مضمون النص الثاني:
WHO KNOWS THE EXACT LOCATION ? ONLY WW …
؟WW فمن هو المقصود بـ
اترككم لفطنتكم ًں™‚
موقع كريبتوس من وكالة الإستخبارات المركزية
و في هذا الرابط ستجد إجابات وافية على الأسئلة المتكررة المتعلقة بكريبتوس
——————————————————————————————–
It seems that the recently arrested “big boss” of Mafia used to encrypt his secret messages using “Caesar” cipher technique!!!
What a lame!!
In a world struggling in developing complicated cipher systems, studying the best hamming weights, building cryptographic oracles, testing the S-boxes…etc, the Mafia’s big boss chose to use Caesar!! Come on!
Not vigenere, not rows transposition, not playfair, not homophinc, not mores, not even simple substituation!! …. Caesar!! 
The news link
——————————————————————————————–
Do you think that just because you bought your computer, you own it!?
Do you have the type of control over your computer that owners usually have over their owned stuff?!
Well, before you go far musing.. I’d like to recommend reading this good article written by Bruce Schneier:
The Article
———————————————————————————————
Check this article out..
I do not agree with the fearing of the emerging and growing search power of Google in the article, I think if we adopt such concept then we should not use the internet at all!! However I find the privacy violation part reading worthy ….
————————————————————————————–
This is one of the most interesting articles I’ve read lately!
It talks about the information security failures recently… why and how to fix them!?
It is indeed a wake up call for the information security community.
———————————————————————————————
Well here is an interesting argument I read about lately…
Is it true that: “Trouble ahead for security industry as Microsoft gets security right”?!
Well I’d agree that Microsoft is approaching the right track in terms of security, and this might be more obvious when the new version Vista is officially released… I studied the Windows security in depth (Access Control, Memory Management, Password Management, SASs, File Management, …etc) and I’m writing a paper nowadays on MS-InfoCard after months of investigations… and I have to say that YES..MS PEOPLE ARE DOING FINE!
However, I strongly disagree that “Trouble ahead for security industry as Microsoft gets security right”… There is no perfectly secured system, the security demand list is endless, and there are many business considerations involved (e.g. many of us may have wondered why doesn’t Windows come up with a built-in anti-virus!!)..
—————————————————————————————–
a sophisticated (yet not clear) fraud attack hit the well-known petrol company “Shell” in the UK… the attack cost Shell £1 million ($1.45 million) and suspended the Chip-and-Pin payment system!!
Shell petrol stations are now taking the customers’ signatures instead of their SC+4 digit PIN… A Shell spokeswoman told the BBC that the “Shell’s Chip-and-Pin solution is fully accredited and complies with all relevant industry standards.” And while the service was suspended, the company hoped to reintroduce it as soon “as it is possible, following consultation with the terminal manufacturer, card companies and the relevant authorities.”
Such attack will without doubt shake the consumers trust in modern Chip-and-Pin payment systems!
I totally agree with Andrew Moloney (senior product manager at RSA Security’s consumer solutions division) as he said:
“The fact that the first breach has occurred so soon after the full implementation in February, shows just how determined and sophisticated today’s fraudsters are”
————————————————————————————–
According to a new survey unveiled at the Infosec Europe 2006 show in London, 41% of the users are having one password to access all the websites and services!!
Despite the fact that this survey hits the ordinary password authentication techniques in a deadly spot, it tells me two things:
1- SSO and Identity-Federation should (would?) be the key concepts in the near future.. and maybe the InfoCard scheme that will be deployed with Windows Vista will help pushing users to such concepts…
2- “The user is going to pick dancing pigs over security every time” as Bruce Schneier used to say.
the user is going to try hardly to put himself in the most “convenient” situation… ordinary password are not sufficient any more!! we must consider more seriously other password techniques such as OT-Password, Query-Based-Password, etc..
According to the survey that relied on the answers of 500 users and conducted by “Sophos”, only 14% use a different password for every website, and 45% admitted that they had a small handful of different passwords to choose from!!
—————————————————————————————
According to eWeek, a critical flaw has been discovered recently in Linux X-Window by an open-source security audit program funded by the U.S. Department of Homeland Security…
It was caused due to a buffer size calculation error within the X Render extension triangle handling code, according to a Secunia advisory…
The flaw could be used to allow local users to execute code with root privileges!!
The company managing the project described the flaw as the “biggest security vulnerability” found in the X Window System code since 2000!!
——————————————————————————————
I’ve selected some presentations given in the core06 conferences (London, UK / Vancouver, Canada) to share with you…
I hope you find them of interest and enjoyable ًں™‚
1. Protecting the Infrastructure
Danny McPherson and Jim DeLeskie – eusecwest/core06 (London, UK)
2. Reverse Engineering Microsoft Binaries
Alexander Sotirov – CanSecWest / core06 (Vancouver, Canada)
3. Carrier VoIP Security
Nicolas Fischbach – CanSecWest / core06 (Vancouver, Canada)
4. How to test an IPS
Renaud Bidou – CanSecWest / core06 (Vancouver, Canada)
Good ones, aren’t they? ًں™‚
——————————————————————————————