Did you know your SIM card probably relies on 56bit DES?

Subject: General Tech | July 22, 2013 - 02:28 PM |
Tagged: SIM card, security, encryption, black hat 2013

The revelation that SIM cards rely on outdated encryption method make it surprising that an exploit has not been revealed long before now, but there is one that has been discovered and will be featured at this years Black Hat security conference.  The proof of concept used was to send an improperly signed binary SMS to a device over the air which returns an error that contains the entire cryptographic signature for the SIM that received the signal, from there it is rather simple to crack the 56bit DES with modern hardware.  Once you have the key you can send out a variety of commands to the device up to an including an OS update with certain customizations.  Follow the links from The Inquirer for more information.

sim.jpg

"A SIM CARD EXPLOIT that could leave millions of mobile phones vulnerable to hacking has been uncovered by German security firm Security Research Labs (SRL)."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Secure your dongle with Addonics

Subject: General Tech | July 8, 2013 - 02:09 PM |
Tagged: security, encryption, addonics, CipherUSB

The interface is pretty ugly but the Addonics CipherUSB is incredibly easy to use and is effective at folder level and disk level encryption.  With the dongle on your machine you can encrypt internal and external disks which can then only be accessed when a similarly set up dongle and a password if you selected the option to require one.  It uses AES256 ECB or CBC encryption, the standard when it comes to encryption and setup and usage are incredibly easy though there are a few minor flaws on the CipherUSB.  Head over to Techgage for the review and a great overview of encryption in general.

TG_Addonics-CipherUSB.jpg

"As important as data encryption can be for the home user, it’s even more imperative in the enterprise. The problem? The most effective measures are usually cast aside in lieu of something a little easier to deal with. With the CipherUSB, Addonics hopes to bring “simple” and “most effective” together as one. Does it succeed?"

Here is some more Tech News from around the web:

Tech Talk

Source: Techgage

An Open Source and encrypted Skype alternative called Jitsi

Subject: General Tech | March 6, 2013 - 01:03 PM |
Tagged: zrtp, sip, xmpp, voip, skype, open source, Jitsi, encryption

Jitsi seems to be a lot of things, from an IM Client agglomerator such as Pidgin or Digsby, a combined XMPP and SIP VoIP client to a videoconferencing hub with all traffic encrypted using ZRTP.  This Open Source software also claims integration with Microsoft Outlook and Apple Address Book, putting it in competition with Skype on more than one front.  Unfortunately it will not connect to all online SIP or XMPP provider but Jitsi does offer an open XMPP bridge to host video calls and as it is open source there is no reason you could not construct your own.  With the release of version 2.0 a host of new features and improvements have been added which you can read about by following the links at Slashdot.  They have also partnered with the FMJ Project to allow recording of sessions as well as other possible customization thanks to the developers Wiki.

jitsi_logo_876x1311.png

"Among the most prominent new features people will find quality multi-party video conferences for XMPP, audio device hot-plugging, support for Outlook presence and calls, an overhauled user interface and support for the Opus and VP8 audio/video codec. Jitsi has lately shaped into one of the more viable open Skype Alternatives with features such as end-to-end ZRTP encryption for audio and video calls. The 2.0 version has been in the works for almost a year now, so this is an important step for the project."

Here is some more Tech News from around the web:

Tech Talk

Source: Slashdot

Google Rolling Out SSL Encrypted Search for International Users

Subject: General Tech | March 12, 2012 - 10:01 PM |
Tagged: SSL, search, international, google, encryption

Google recently announced on their Inside Search blog that the company would be rolling out the default SSL encrypted search option for users signed in with a Google account internationally. Previously, the company made SSL encryption the default setting for Gmail and provided an alternative encrypted.google.com webpage for users that wanted to opt in to encrypted search. Earlier this year, they began testing SSL encrypted search and search results pages for users signed into Google in the US, and they are now ready to expand the default setting to international users.

google_padlock.png

They announced that over the next few weeks, they will begin introducing an SSL (secure socket layer) encrypted search page for localized international google pages such as google.co.uk (United Kingdom) and google.fr (France) among others. Further, they hope that their increased SSL commitment will encourage other websites to enable SSL on their domains to protect users from MITM (man in the middle) attacks and to ensure their sessions stay private.

More encryption is a good thing, and international users will be pleased to finally get a taste of it for their google search queries, especially now that the big G has enabled personalized search results.

Source: Google

Speedy and secure; the best of the encrypted thumb drives

Subject: Storage | April 21, 2011 - 05:56 PM |
Tagged: secure, encryption, usb, thumb drive

If you haven't heard of the FIPS 140 Publication Series it is the Federal Information Processing Standard which accredits encrypted flash drives to one of four levels, with 1 being relatively secure and 4 representing encryption that is almost able to defend its self from penetration.  Adding that level of security can slow things down, which is why Legit Reviews bought a few drives off of NewEgg to test.

TN_usb-flash-drives.jpg

"On paper it looks like the IronKey solutions should be faster, but you can't believe everything a company tells you when they are marketing a product they are trying to sell you. Since security is such a big deal to corporations these days we decided to order in these Flash drives and do some testing of our own. We've heard rumors and have experienced ourselves that review sites often get 'cherry picked' samples, so we ordered in as many drives as our $1000 self-prescribed budget would allow. You can look at our receipts from Amazon.com, TigerDirect.com and PConnection if you'd like..."

Here are some more Storage reviews from around the web:

Storage