First quantum encrypted network goes live

Researchers in Vienna demonstrated the first encrypted network protected by quantum cryptography last week, connecting six nodes at Siemens locations. The technology uses photons to distill numerical keys on a secure line. “All quantum security schemes are based on the Heisenberg Uncertainty Principle, on the fact that you cannot measure quantum information without disturbing it,” explained Gilles Brassard of the SECOQC project. As shown in the demonstration, when intruders try to break into a quantum-protected communication, the photons become scrambled and users are alerted to the attacks. Previous quantum encryption efforts were only useful between two users on a single line because routers and other network devices could cause a quantum breakdown. SECOQC developed a way to reroute connections through a secure node to prevent the problem. (BBC)

Government seeks feedback on DNS security overhaul

The US government is taking the initial step to implement Domain Name System Security Extensions (DNSSEC) at the DNS root level, a change that would require a massive overhaul of domain name registrars, domain name registries, ISPs and users' software. The National Telecommunications and Information Administration (NTIA) is accepting comments on the issue until 24 November. DNSSEC incorporates public-private signature key pairs in the DNS hierarchy, letting software validate data by matching digital signatures. According to the NTIA, implementing DNSSEC would help prevent vulnerabilities in the DNS that phishers can exploit. Meanwhile, ICANN released its own proposal for deploying DNSSEC that estimates a production signed root zone by June 2009. (Computerworld)

CarTel connects drivers to traffic analysis in a new way

Cab drivers in Boston are testing a telematics system developed at the Massachusetts Institute of Technology that connects to existing wireless networks as vehicles pass by. The system, CarTel, provides historical and real-time traffic conditions to drivers to help them find the fastest routes. Since it links to the vehicle’s diagnostics system, CarTel can also alert drivers to maintenance problems. “Our goal,” said MIT professor Hari Balakrishnan, “is to make the data behind CarTel available to help you plan and organize your commute and drives. We want to minimize the amount of time spent in your car.” To do so, the research team developed QuickWi-Fi, which reduces the amount of time it takes to connect to wireless networks by reducing timeouts from seconds to milliseconds and using an optimal scanning scheme to check for the most frequently used channels first. They also developed methods to handle intermittent connections and high packet-loss rates. (MIT)

Fast-flux DNS becoming more popular in botnets

Botnet operators are increasingly using fast-flux domains to mask their identity and avoid disruption, according to a recent online study. The fast-flux technique cycles the mappings of domain names to infected hosts’ IP addresses. From January to May 2008, Jose Nazario of Arbor Networks and Thorsten Holz of the University of Mannheim tracked more than 900 fast-flux domain names. They found that the associated botnets had lifetimes varying from less than a day to months and were used for phishing, malware, and selling pharmaceuticals. “Our data shows that most fast-flux domains are dormant for more than one month before their use,” Nazario and Holz said, “meaning that proactively identifying future fast-flux domains has the potential to disrupt the online fraud and crime that is hosted in these networks.” (CNET)
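A defender can look for the cycling described above in passive DNS data. The following is an added example, not code from the study or from this digest: it flags domains whose A records rotate across many addresses in unrelated networks with short TTLs. The thresholds, the /16 grouping and the sample observations are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed observations: (domain, resolved A record, TTL in seconds).
# Addresses are documentation/private ranges, not real indicators.
OBSERVATIONS = [
    ("shop.example", "192.0.2.10", 86400),
    ("shop.example", "192.0.2.11", 86400),
    # Many addresses, short TTL, but one network: typical of a CDN or load balancer.
    *[("cdn.example", f"198.51.100.{i}", 60) for i in range(1, 7)],
    # Many addresses scattered over unrelated networks with short TTLs.
    ("flux.example", "10.1.4.7", 180),
    ("flux.example", "172.16.9.20", 180),
    ("flux.example", "192.168.3.3", 180),
    ("flux.example", "10.77.0.5", 180),
    ("flux.example", "172.29.1.1", 180),
    ("flux.example", "10.200.8.8", 180),
]

def summarize(observations):
    """Collect distinct IPs, distinct /16 networks and TTLs seen per domain."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for domain, ip, ttl in observations:
        entry = stats[domain.lower().rstrip(".")]
        entry["ips"].add(ip_address(ip))
        entry["nets"].add(ip_network(f"{ip}/16", strict=False))
        entry["ttls"].append(ttl)
    return stats

def flux_suspects(observations, min_ips=5, min_nets=3, max_ttl=600):
    """Return domains that meet all three heuristics (thresholds are assumptions)."""
    suspects = []
    for domain, entry in summarize(observations).items():
        median_ttl = sorted(entry["ttls"])[len(entry["ttls"]) // 2]
        if (len(entry["ips"]) >= min_ips
                and len(entry["nets"]) >= min_nets
                and median_ttl <= max_ttl):
            suspects.append(domain)
    return sorted(suspects)

if __name__ == "__main__":
    print(flux_suspects(OBSERVATIONS))
```

The network-diversity test is what separates the constructed CDN-style domain from the flux-style one; dropping it to `min_nets=1` flags both.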

Fraud, violations plague H-1B visa program

A government assessment found significant problems, including forged documents and shell companies, in the H-1B visa program, according to US Senator Chuck Grassley (R-Iowa). In a random sample of 246 H-1B employees, US Citizenship and Immigration Services found that one in five visas were affected by fraud or “technical violations.” “This report validates the major flaws in the H-1B visa program,” Grassley said in a statement. “It's unacceptable that these fraudulent activities are slipping through the cracks when there is so much legitimate demand for H-1B visas.” (Computerworld)

Clickjacking a critical issue in Adobe Flash Player

Adobe issued a critical security advisory Tuesday warning of potential “clickjacking” in its Flash Player and offered a workaround, a month after two researchers initially disclosed the problem. Through the Flash Player, attackers could gain access to computers’ microphones or cameras after unsuspecting users click on hidden links or dialog boxes. Until Adobe addresses the problem in the next version of the player (a patch is expected by the end of October in Flash 10), it recommends that users prevent attacks by selecting “always deny” in the player’s settings manager. In his blog, researcher Robert Hansen explains that clickjacking is a new type of attack and includes several variants. “Some of it requires cross domain access, some doesn’t,” he said in the blog. “Some overlays entire pages over a page, some uses iframes to get you to click on one spot. Some require JavaScript, some don’t. Some variants use CSRF to preload data in forms, some don’t.” (Computerworld, BetaNews)

RealDVD remains in legal limbo

RealDVD will remain unavailable for purchase for at least a month after a judge declined to lift a restraining order on sales of the DVD copying software. RealNetworks introduced the program last week, but on Friday, the Motion Picture Association of America convinced US District Judge Marilyn Patel to block sales of the program until the lawsuit is settled. RealDVD lets users rip copy-protected DVDs to their hard drives by also copying the protections. RealNetworks says the program is legal and prevents piracy by adding its own DRM to the movies, which are then playable only in the RealDVD player. (CNET)

AMD spins off manufacturing division

Advanced Micro Devices split its operations Tuesday with the announcement that it’s spinning off its manufacturing division into a new entity, The Foundry Company. The new company will be backed by the Advanced Technology Investment Company of Abu Dhabi, and plans to open a new fabrication facility in Saratoga County, N.Y., as well as upgrade its former AMD plant in Dresden, Germany. The move enables AMD to concentrate on chip design, such as its Fusion technology, which combines a CPU and GPU onto one processor. (The Associated Press)

Tool allows man-in-the-middle attacks on secure connections

A new open source hacking tool can automate man-in-the-middle attacks on banking, e-mail, and social networking sites that mix cleartext HTTP with HTTPS. Security expert Jay Beale demonstrated his tool at the SecTor conference in Toronto this week, showing how The Middler can clone users’ sessions, passing HTTPS traffic through unmodified while injecting JavaScript into the cleartext traffic to obtain or change information. “Many companies misunderstand that encrypting only the application’s password form leaves their users very vulnerable to man-in-the-middle attacks,” Beale said in his presentation. (Dark Reading)
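Site owners can check their own pages for the mixed HTTP/HTTPS exposure described above. The following is an added example, not part of The Middler or of this digest: it audits one HTTPS response for session cookies sent without the `Secure` attribute and for scripts, forms, frames and links that fall back to cleartext. The hostnames, cookie values and HTML are constructed sample input.

```python
from html.parser import HTMLParser

# Constructed sample: headers and body of a response served over HTTPS.
SET_COOKIE = [
    "SESSIONID=abc123; Path=/; HttpOnly",   # no Secure: also sent over http://
    "prefs=dark; Secure; Path=/",
]
HTML = """
<form action="https://www.bank.example/login" method="post"></form>
<script src="http://static.bank.example/menu.js"></script>
<a href="http://www.bank.example/accounts">Accounts</a>
<a href="https://www.bank.example/help">Help</a>
"""

class CleartextRefs(HTMLParser):
    """Collect (tag, url) pairs for references that use http:// explicitly."""
    WATCHED = {("script", "src"), ("iframe", "src"), ("form", "action"),
               ("link", "href"), ("a", "href")}

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.WATCHED and value \
                    and value.lower().startswith("http://"):
                self.found.append((tag, value))

def cookies_without_secure(set_cookie_headers):
    """Return names of cookies whose Set-Cookie header lacks the Secure attribute."""
    names = []
    for header in set_cookie_headers:
        pair, *attrs = [part.strip() for part in header.split(";")]
        flags = {attr.split("=", 1)[0].lower() for attr in attrs}
        if "secure" not in flags:
            names.append(pair.split("=", 1)[0])
    return names

def audit(set_cookie_headers, html):
    parser = CleartextRefs()
    parser.feed(html)
    return {"cookies_without_secure": cookies_without_secure(set_cookie_headers),
            "cleartext_refs": parser.found}

if __name__ == "__main__":
    print(audit(SET_COOKIE, HTML))
```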

Mifare Classic smart card open to attacks

According to two research papers published Monday, attackers can easily crack the Mifare Classic access card, a popular RFID smart card used to restrict access at government facilities and military installations, with a few simple tools. The Register reports that Mifare Classic’s proprietary encryption scheme has a weakness that lets crackers guess its key with an RFID reader, a modest-strength PC, and roughly 10 minutes. (The Register)

