FIPS Validated vs FIPS Compliant, What's The Difference?

By Robert Vamosi | 7/17/14 5:45 PM


A lot of companies are saying they are FIPS 140-2 compliant. This is not the same as saying they are FIPS 140-2 certified or validated. The differences are important to recognize.

Read More >

Why Diamonds May Be Quantum Computing's Best Friend

By Robert Vamosi | 3/16/12 12:18 AM

A new quantum memory scheme can store information for more than a second, far longer than the previous methods.

Read More >

Satphone Encryption Cracked

By Robert Vamosi | 2/9/12 2:49 AM

In places where cellular communications is not possible, satellite phones have been used. These include sites of war, third-world countries, and out atop the ocean blue. Now a team of German researchers have found that encryption used in the popular GMR-1 and GMR-2 phones is mathematically weak.

Read More >

Trojan Attacks on Quantum Cryptography

By Robert Vamosi | 2/1/12 4:05 AM

The security of device-independent quantum key distribution (QKD) has been called ineffective by a team of researchers.

Read More >

Wi-Fi Users Beware: Firesheep on the Loose in Your Gmail, Facebook, and Other Online Accounts

By JDavis | 2/23/11 7:36 AM

Firesheep, the latest threat to Wi-Fi users, is free, open source, and easy for even the intermediate user to figure out. In fact, over the past three months, more than 1 million individuals have downloaded Firesheep and have the ability to see what other Wi-Fi users on an unsecured network are doing.

Read More >

Is the Chip and PIN Broken? A Controversial Solution to Bank Card Security

By JDavis | 1/25/11 4:09 AM

What is the security gadget that UK bankers don’t want you to know about? A University of Cambridge student has published a paper on a new device that can protect card-holding consumers from the dangers of hackers, resulting in a financial trade group demanding that it be removed from the public.

According to Ars Technica, increasingly more people are learning about the vulnerability of their bank card system (Europay, MasterCard and Visa cards commonly used in the U.K.), and the protocol flaw that enables a hacker to use someone’s real card without knowing the PIN. Even worse, fraudsters can tinker with Chip-and-PIN card terminals in order to obtain sensitive data.

Read More >

Programming Flaw Could Allow Total PS3 Hacking

By JDavis | 12/30/10 7:25 AM

A team of hackers presenting at the recent 27th Annual Chaos Communication Conference appear to have exploited a programming flaw in Sony's Playstation 3 that could allow them to sign their own code on the console--giving them total control over the device.

Read More >

Good Technology Standardizes on Mocana to Secure Mobile Offerings

By JDavis | 7/25/10 7:44 AM

Mocana today announced that Good Technology has licensed its NanoCrypto cryptographic engine for use on supported mobile platforms, including iOS, Android, Symbian, Windows Mobile, and Palm webOS. Good for Enterprise enables IT administrators to easily define and distribute configuration profiles and enforce compliance policies for devices using the web-based Good Mobile Control console. With solutions that combine a great user experience with the tools that IT needs to manage and protect its mobile enterprise, Good Technology will implement Mocana's NanoCrypto as their universal security client, protecting against increasingly sophisticated attacks directed specifically at non-PC smart devices.

Read More >

Understanding EAX' Smart Grid Security

By JDavis | 7/6/10 9:54 AM

Much of the latest smart grid and AMI technology relies on the open ANSI C12.22/IEEE1703 standard for the transport of meter data over networks. And this specification relies on a security mechanism called EAX', a modification of the EAX mode cryptography scheme.

Read More >

UK Researches Develop "Holy Grail" of Cryptography

By JDavis | 6/7/10 8:29 AM

Researchers at the University of Bristol's Department of Computer Science have devised a new method of encryption that may qualify as the "Holy Grail" of cryptography. By performing the "add" and "multiply" operations on encrypted data, Professor Nigel Smart claims that his new model "will present a major improvement on the recent encryption scheme invented by IBM in 2009." The IBM scheme allowed theoretical simultaneous use of the operations but failed to prove practical.

Read More >