According to the Epoch Times, in five years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) and convert to a new and more advanced “hash” algorithm, according to the article “Security Cracked!” from New Scientist.
The reason for this change is that associate professor Wang Xiaoyun of Beijing’s Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. This marks the fifth straight encryption method that Xiaoyun’s team has broken (SHA-1, MD5, HAVAL-128, MD4, and RIPEMD).
What does this mean for the rest of us?
Posted on Jan 21, 2007 - 1:57am by John P. in Politics, Security
Imagine a knock on the door after you have been on the Internet, blogging, and the next moment you are under arrest. Amnesty International launched a campaign in defence of Internet bloggers in many countries, including China, Tunisia and Iran, who have been arrested for expressing views which have upset their governments.
But how have they been tracked down? It turns out that they have been turned in by major Internet providers such as Yahoo and Microsoft, who have supplied foreign governments with the information they need to pursue them.
Posted on Jan 20, 2007 - 1:59am by John P. in Finance, Security
Smith Barney recently began forcing its clients to change their Web login in what is claimed to be a “security enhancement” maneuver. This applies to every client in the US that has a joint account (i.e., married couples).
They are forcing this change in conjunction with the requirement of adding challenge questions and answers to each account, but they don’t list the reason for inconveniencing what must be hundreds of thousands, or millions, of clients. In fact, they claim:
Today Smith Barney’s nearly 12,400 Financial Consultants serve more than 7.5 million client accounts representing nearly $900 billion in client assets.
Posted on Jan 06, 2007 - 2:59am by John P. in Finance, Security
I don’t know why Citi doesn’t make a bigger deal about publicizing this feature of their credit cards, but they actually have an excellent security option which helps protect customers making online purchases. They mention it only in one paragraph here.
If you have a Citibank credit card, you can use the Virtual Account Number feature to generate temporary “alias” numbers to give out in place of your actual number. Why would you want to do that? Well, there are lots of reasons… read on and I’ll give you a few.
Posted on Jan 03, 2007 - 3:28am by John P. in Computing, Security, Tutorials
Peter Gutmann, from the University of Auckland, put together the most comprehensive Introduction to Security overview I’ve seen on the Internet.
I think it’s a fantastic starter for those who know nothing about security, and contains plenty of refresher or new information for security professionals. All in all the entire tutorial would be 400 pages if you print it out.
Posted on Jan 03, 2007 - 1:58am by John P. in Security, Vehicles, Videos
People who thought their BMW’s sophisticated laser cut key system would keep their cars… well theirs… need to think again.
These brainiac German guys demonstrate quite clearly how to break into any modern BMW in a matter of seconds with a tool kit that costs about $1,200.
I spoke with two of the founders of craigsnumber via phone as a follow up to my previous review of the service. Here are the notes from our phone call. The gentlemen I spoke to preferred to remain anonymous so I will refer to them as CN.
CN: From a legal standpoint we are currently in a “quiet period” so we’ll share what we can, but it may be limited out of necessity.
Posted on Dec 29, 2006 - 2:08am by John P. in Computing, Google Tools, Security
People routinely ask about my favorite software, so I’ve decided to gather all my top picks in one place to make everyone’s life a little easier.
All of the software listed here is free for personal use, meaning:
So, without further ado, here is the list categorized by type of application:
Posted on Dec 29, 2006 - 1:05am by John P. in Security, Thoughts, Web Links
There is a fascinating new service which was just released for general Beta testing 12 days ago that allows you to create a disposable phone number which will redirect calls to your real number - but only for a predetermined amount of time.
I first encountered the site the day it went live, but for some time now I’ve been trying to determine exactly what one would use this for. Now that I’ve had time to digest, I’ve tested the service, recorded the results and posted them here for all to see.
Security-conscious techies now have some additional evidence to illustrate the inherent risks posed by surfing the Internet unprotected.
According to this article at Ars Technica, one in twenty-five search results across major search engines lead to sites affiliated with spyware, viruses, excessive pop-up advertisements, and junk e-mail.
The study found that not only can regular links found by search engines be dangerous, the sponsored links that appear in prominent positions in the results pages can also be harmful. In fact, in the May study, sponsored links were more than twice as likely to be linked to malware as non-sponsored links (8.5 vs. 3.1 percent).
Posted on Dec 14, 2006 - 5:47am by John P. in News, Politics, Security
Wow. This is not a joke! The US Transportation Security Agency has already installed a machine in the Phoenix airport that literally sees through 100% of your clothes down to your bare skin and can display high-resolution images of you in all your naked glory.
Assuming that all goes well with the initial run of the backscatter at Sky Harbor, similar technologies will be introduced to a number of other major U.S. airports early in 2007.
Posted on Dec 05, 2006 - 3:24am by John P. in Computing, Security
Damn it! I’ve been preaching this for years but I don’t think many people are listening. Security practices in the Internet era have to change! We are way, way behind the technology available and it’s costing far more not to do anything about it than to fix the problems.
For example, the UK government estimates that ID theft costs the nation £1.7bn every year. Let’s see, that’s 1.7 billion divided by 60 million people or £28 per year, for every man, woman, child, infant, invalid and 90 year old in a nursing home. You could equip every person in the country with a fingerprint reader or secure ID token for a fraction of that cost and practically eliminate this huge - and growing - threat.