New Banking Trojan Hijacks Out-Of-Band Mobile SMS

June 25, 2014

One of the ways to defeat fraud in banking is to use out-of-band communications with the account holder. That usually means sending an SMS text. But a new family of malware aims to defeat that.

Red Balloon Security Gets Off The Ground At RSA

June 25, 2014

Printers and VoIP phones are about to get a shot in the arm--literally, defensive code injected into their system to secure them from potential hacks.

Chip Malfunctions Reveal Private Keys

June 24, 2014

Key leakage via side-channel attacks, where the attacker "listens" to fluctuations in voltage as the encryption takes place, is well known. Recently, German researchers found that a faulty processor might also leak secrets during encryption. Known as transient faults, these were considered hard to produce … until now.

At last week's Black Hat Briefing in Las Vegas, Valeria Bertacco, associate professor of electrical engineering and computer science at University of Michigan, and her team found a way to produce transient faults on Linux servers they built running an OpenSSL library and RSA encryption. The team found several ways for the server to fail: by altering the voltage; by changing the temperature of the chips; by over-clocking (it shortens the time to traverse the logic cloud); and by natural particles that change internal signals. She demonstrated these adverse conditions on a Leon3 SPARC system using OpenSSL 0.9.8i's fixed-window exponentiation algorithm.

BYOGG - Beware Your Own Google Glasses

June 24, 2014

One of the underlying themes of my book When Gadgets Betray Us is that cool gadgets beget new security concerns. Apparently someone at RSA agrees.

RSA SecurID Software Token Vulnerability Found

June 24, 2014

Recently a researcher from SensePost posted a technique that can be used to defeat RSA's software-based SecurID tokens. The research shows that one of the key components of the number generation can be easily accessed from the local system and copied. To access this file the attacker must be the administrator or the actual user. It is important to note that this only applies to the software-based tokens, not the hardware-based ones that are commonly seen on people's key chains.

What is important here is that encryption is not a magic security tool. Even the most robust encryption algorithm can have security vulnerabilities in key generation or key storage, rendering it insecure. It is also important to note that securing the endpoint still remains a major concern at every level.
