Setting up encrypted swap.

As computers go these days, it is not unusual for the amount of free RAM to reach a critical level at which no other processes will fit into what little unused memory is left. Modern operating systems will then start swapping pages of memory to disk to make room; the data can be read back in later if necessary. This is a procedure called swapping, and it can take several forms. Windows maintains a large hidden file somewhere on the drive (usually in the root directory of C:) which it uses for this purpose. Linux, UNIX, and UNIX-alikes most often …

Read more...

Safe browsing from hacker cons: Running a personal proxy.

Whenever I plan on using my laptop at a convention, in particular at hacker cons, it's practically assured that an unknown number of attendees will be monitoring the wireless network in some manner for nefarious purposes. Because many application protocols in use do not use cryptographic systems to protect traffic (like instant messenger and webmail), it's possible to record what people are doing as they do it, or worse record the credentials used to log in. The software to do this is trivially easy to acquire because protocol analyzers (more commonly called packet sniffers) have legitimate uses when troubleshooting networks …

Read more...

All that encrypts hard drives may not be crypto.

Earlier this week the information security community collectively slapped its forehead as computer magazine C't published the results of its security analysis of the the Easy Nova Data Box PRO-25UE RFID, an external hard drive that was advertised as transparently encrypting stored data at the drive level using the AES cryptosystem and a 128-bit key (an algorithm and keysize which the NSA has blessed as worthy of encrypting information carrying a security classification of SECRET or lower, incidentally). A key fob containing an RFID chip is used to unlock the drive and provide access to the encrypted data. Because all …

Read more...

HIPAA doesn't imply that you can trust those in control, now does it?

Joseph Nathaniel Harris, a former branch manager at the San Jose Medical Group in California was sentenced to 21 months in prison and fines in excess of $145kus for stealing medical data. When Harris left his position after allegations that he'd been stealing money and medication from the facility, he is said to have stolen two computers and a DVD-ROM disk containing sensitive information about 187,000 patients, including Social Security numbers, medical histories, and diagnoses. The computers were found to have been sold for cash, but kept the disk containing the patient data. Thankfully none of that data got …

Read more...

Quantum encryption partially cracked?

A team of researchers at MIT have figured out how to partially compromise quantum cryptography systems through a creative interpretation of the entanglement principle. In a system protected with quantum cryptographic principles, bits of information are encoded by assigning meaning to the polarisation of individual photons of light (up-down could mean a one, left-right could mean a zero) and thus exchange keying material. The very act of observing quantum particles changes their properties and thus destroys the data encoded in the particles, so in theory an eavesdropper Somewhere Out There listening in would corrupt the stream of data by damaging …

Read more...

Interview with Muslix64.

More from the front lines of the DVD content protection war - slyck.com has posted an interview with Muslix64, who cracked the copy protection of both HD DVD and Blu-Ray within a couple of weeks of work as an act of 'fair use enforcement'. When you consider the fact that you can't watch either of these kinds of DVD on anything but an HDCP High-Definition monitor (which very few people have), you have to wonder if you really have fair use of the DVDs you purchase anyway... the interview also goes on to explain how AACS works, and that by …

Read more...