Sunday, January 10, 2010

USB Drives have Security Hole

Computerworld.com has posted this article on a hole in USB encryption. The AES encryption remains secure, but the routine that determines if the password has been entered correctly can be bypassed. Manufacturers have issued updates for the software. Check your drive now.

Pssst. Your Flash Drive Isn't Secure
SanDisk Corp. and Verbatim Corp. have joined Kingston Technology Inc. in warning customers about a potential security threat posed by a flaw in the hardware-based AES 256-bit encryption on their USB flash drives.

The hole could allow unauthorized access to encrypted data on a USB flash drive by circumventing the password authorization software on a host computer.


Tuesday, January 05, 2010

GSM Calls cracked with $1500 and OS Software

In news that should concern any Government Agency or business person darkreading has published news of a planned presentation on just how easy and cheap it is to crack GSM phone calls with current technology. GSM is an encryption that 80% of mobile phone companies relies on to keep conversations secure. Maybe that was appropriate when the standard was adopted, but increased computer power and algorithm development has overturned that view.

Researchers Prepare Practical Demonstration Of GSM Encryption Cracking Technology - wireless security/Security - DarkReading
"GSM has been considered insecure for some years -- however, it is a huge development that the theoretical attack on the GSM encryption cipher is now a reality," says Stuart Quick, operations manager at Henderson Risk Ltd., a London-based security and risk management services firm. "There is now a very real and imminent threat that GSM voice communications will be compromised, and users must start to consider how they can increase the security of their valuable/commercially sensitive calls they make."

The demonstration could also cause some companies to consider separate encryption of cell phone calls, according to one vendor that offers such technology. "Our research shows that 79 percent of organizations discuss confidential or sensitive information at least weekly on mobile phones," says Simon Bransfield-Garth, CEO Cellcrypt Ltd. "The news that GSM has been cracked will be very worrying for anybody who discusses valuable or confidential information over their mobile phone."