Broad New Hacking Attack Detected

“Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies; Operation Is Still Running

Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.”

Continue reading at the Wall Street Journal.

Computer Security Chip Hacked

The Trusted Platform Module has been hacked. This is the security model behind several computer security products including Microsoft BitLocker and was considered one of the most secure platforms. BitLocker is the disk encryption software used in Vista, Windows 7 and Server 2008.

It took Chris Tarnovsky 6 months to hack the platform and it involved using acid on the chip. Wow, some guys are really determined! Chris talked about the hack at the Black Hat Briefings in Arlington, Va. Read more at ABCNews.


Computer Security: Surf Anonymously with Tor

Whenever you communicate online, send e-mails, or visit websites, your network address is included with every transmission. This address points back directly to your machine, or the proxy that provides access to your machine. With Traffic analysis, your communication on the web can be tracked. Why is that bad you ask?

According to Wikipedia, Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security…

Traffic analysis is also a concern in computer security. An attacker can gain important information by monitoring the frequency and timing of network packets. A timing attack on the SSH protocol can use timing information to deduce information about passwords since, during interactive session, SSH transmits each keystroke as a message.[6] The time between keystroke messages can be studied using hidden Markov models. Song, et al. claim that it can recover the password fifty times faster than a brute force attack.

Continue reading “Computer Security: Surf Anonymously with Tor”