International Association for Cryptology Research (IACR) has published some of its video lectures at the IACR YouTube Channel. Further, some of the videos have been incorporated with IACR paper database at http://www.iacr.org/cryptodb/ which is very useful for the students and researchers.
A new variant of the troublesome and harmful GpCode trojan has been detected by Kaspersky Lab. Tagged as Trojan-Ransom.Win32.GpCode.ax this trojan, which spreads via malicious websites and P2P networks, encrypts files on the infected computer and then asks for money in order to decrypt the files. Such trojans are of known as ransomware or cryptovirology.
Read the full story here.
TrueCrypt version 7.0 has been released. This open source, cross platform, disk encryption tool provides disk encryption for Windows 7/Vista/XP, Mac OS X, and Linux.
With reference to TrueCrypt development team, this version has major update for on-the-fly encryption, includes several improvements, new features, security enhancements and bug fixes on all platforms.
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Encryption can be hardware-accelerated on modern processors.
- Provides plausible deniability, in case an adversary forces you to reveal the password:
- Hidden volume (steganography) and hidden operating system.
- Further information regarding features of the software may be found in the documentation.
More information about TrueCrypt v 7.0 is available here:
TrueCrypt Download Page:
Skype has been a ten years mystery for network traffic analysis and cyber forensic investigation. Its security, which uses end to end 256-bit encryption, and the need for interception by law enforcements agencies, made it one of the regular questions, for me, at my workshops or investigation cases.
On July 8, 2010 TechCrunch posted an article about some reverse engineering research into the Skype security protocol. There was an image with the first 32 lines of source code for an application which collects the weak keys based on the Rivest Cipher 4(RC4) cryptography algorithm. The application has been written by Mr. Sean O’Neil, the person who claims to have reversed engineered the Skype protocol and developed the afore mentioned application. He has a blog at enrupt.com where he introduces himself as a cryptologist and a reverse engineer.
Unfortunately, I was not able to obtain any more technical information or gain access to the actual application/source code for testing. However, this announcement should be alarming for security communities. It is obvious that there is no ultimate security, but challenges like Mr. O’Neil’s might be helpful.
There are always consequences when this type of information is disclosed, but we need to use such discoveries for improvements. In this case, Skype is a live example, a real world application and the Skype engineers may have deliberately used an algorithm which is prone to attacks.
Those who know a little about information security no longer considering the RC4 algorithm as a secure algorithm. Users have paid heavily with wireless network security breaches due to WEP cryptography which uses RC4.
On the other hand, there is a possibility of governmental influence on the Skype engineers. The NSA, because of U.S. national security interests, has tough compliance rules for American products and services. The security agencies in the USA need to be able to intercept any type of communication. This may have caused poor engineering, in terms of security, by utilizing the RC4 algorithm as one of the security mechanisms in Skype.
Information security experts need to look at this discovery as an opportunity to review current security mechanisms and enhance them.
Recently it was a news on SecurityFocus.com about massive DDoS attack by flooding CIA, PayPal and hundreds of other organizations website by requesting for connection over SSL as follow:
CIA, PayPal under bizarre SSL assault
Dan Goodin, The Register 2010-02-01
The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.
The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volSSL assault & my opinionunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.
“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’ Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”
Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.
It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don’t request any resources from the website or do anything else.
“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.
Security mavens aren’t sure what targeted sites can do to thwart the attacks. Changing IP addresses may provide a temporary reprieve. Adair asks those with better mitigation techniques to contact him. The Shadowserver advisory is here.
I do believe, there is another solution to address this kind of attack. As you are aware, the connection requests have been generated by bots, not the user’s browsers. Therefore, by detecting the type of browser we will be able to detect the bot requests. This kind of detection and mitigation is much easier to perform instead of changing IP addresses. This kind of feature should be added to the firewalls.