Information Security & Occasional Forays Into Adjacent Realms
News, via Paul Rubens writing at eSecurity Planet, of the apparent resurfacing of the TrueCrypt project, this time, with more eyes on the prize, so to speak. Look for a resurrected TrueCrypt 7.1a code-base with a new re-branded name: CipherShed. Hat Tip to Firewall Consultants.
Art credit: Bio Engineering
via the inimitable Kim Zetter, Senior Staff Writer at Wired, comes this staggeringly well crafted piece on the United States National Security Agency / Central Security Service's work to create a tool known as MonsterMind. The natural progeny of encompassing surveillance, is the capability to detect and mitigate malware in the wild.
Credit: Unknown
Bletchley Park has released the August 2014 edition of the Trusts' podcast series, this time, entitled 'Inspiring Women' in cryptanalysis; in which, the Trust focuses on the work women accomplished at Bletchley Park during World War II.
An aged mnemonic given new life. In this case, the utilization of artifacts [color wheels] which inform memory regarding password data entry. Today's' Must Read.
Via the inimitable Brian Krebs, of Krebs on Security, comes reports of insert, thin and mini card skimmers, and the perils of automated banking and commerce for consumers worldwide. The astonishing component to this litany of miscreant evil-doers is the apparent inability of hardware manufacturers' to detect, notify and terminate these devices at will [or, at the very least, reject all cards on the machine when nefarious activities are suspected].
Once more unto the breach, dear friends, once more.* Apparently all the makings [crypto flaws] of an extraordinary breach of sensitive data, this time contained within an enormous number of Android devices, has been discovered. Astonishingly, upwards of eighty-six percentile of all Android devices may be vulnerable.
*[Cry God for Harry, England, and Saint George!' speech of Shakespeare's Henry V, Act III, 1598., evidently all the more relevant today...]
Fascinating screed, via ArsTechnica, by the inimitable Dan Goodin. In which, the well-lettered Mr. Goodin details the discovery of the paucity of BitCoin security. Surprised? Read more at Ars.
Well wrought opinion piece eyeballing the narcissism of one Edward Joseph "Ed" Snowden. Today's' Must Read.
Evidently, the focus could be [if the proposal is to be taken seriously] to combine, if you will, the standard BitCoin mining technique of SOP (or, the scratch-off-puzzle routine) and the notion of distributed data storage...
TrueCrypt, that is...
Now in it's second round of safety audits, the Open Crypto Audit Project is remaining on track (notwithstanding the apparent closure of the original TrueCrypt project) targeting TrueCrypt for their planned audit, based on the highly successful on-line generated bankrolled. The already published Phase 1 Audit Report (in PDF format), reveals little on the downside, unless you expect ruthless attention to detail, and tight coding best practices...
News, of the release of the latest update of security distribution Kali Linux [now at 1.0.7]; just in time for a proverbial weekend update-fest, methinks!
Unfortunate news, for TrueCrypt users, and project contributors... Apparently, the developers of the full disk encryption (FDE) open source product are in the process of shuttering the projects SourceForge site, along with directions targeting the product's users to migrate TrueCrypt partitions to BitLocker.
via Nature [Toshihiko Sasaki, Yoshihisa Yamamoto and Masato Koashi) and reported by Wired's Chris Lee comes this fascinating tale of the tribulations enveloping quantum key distribution [QKD]. The proof, as they say in the vernacular, resides within the experiment...
Darkcoin is apparently- if you believe the chatter- the truly anonymous, successor to Bitcoin. May the Bestcoin win...
The money quote (pun only partially intended):
'Darkcoin adds an extra layer of privacy by automatically combining any transaction its users make with those of two other users–a feature it calls Darksend–so that anyone analyzing the blockchain has a harder time figuring out where a particular user’s money ended up' - via Wired's Andy Greenburg
Via bon vivant, prolific speculative fiction author, and polemic poster of Items of Interest, What-Not and Fanciful Futures - Charlie Stross; comes a diatribe of a sort, in which, Serious Import is Conveyed, discussing the oft-described, little understood and illusive, Edward Snowden. Today's Must Read.