Posts Tagged ‘security’
A programming glitch in Apple’s OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked.
<a href="http://www.computerworld.com/s/article/9219297/AES_proved_vulnerable_by_Microsoft_researchers">Show that algorithm underlying most all of today's online transactions can be compromised.</a>
Their attack can recover an AES secret key from three to five times faster than previously thought possible, reported the Katholieke Universiteit Leuven, a research university based in Belgium.
And this at a time when they want to increase offshored labour for foreign companies. Bullet, meet foot.
Phil Zimmermann said it best in 1991: If privacy is outlawed, only outlaws will have privacy.
Looks like all the iPhone 3G owners are screwed.
They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
Top of the list: SQL Injection!
The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL’s implementation of the elliptic curve digital signature algorithm (ECDSA), and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server.
“This paper describes a timing attack vulnerability in OpenSSL’s ladder implementation for curves over binary fields. We use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, we mount a lattice attack that recovers the private key.”