International Association for Cryptology Research (IACR) has published some of its video lectures at the IACR YouTube Channel. Further, some of the videos have been incorporated with IACR paper database at http://www.iacr.org/cryptodb/ which is very useful for the students and researchers.
TrueCrypt version 7.0 has been released. This open source, cross platform, disk encryption tool provides disk encryption for Windows 7/Vista/XP, Mac OS X, and Linux.
With reference to TrueCrypt development team, this version has major update for on-the-fly encryption, includes several improvements, new features, security enhancements and bug fixes on all platforms.
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Encryption can be hardware-accelerated on modern processors.
- Provides plausible deniability, in case an adversary forces you to reveal the password:
- Hidden volume (steganography) and hidden operating system.
- Further information regarding features of the software may be found in the documentation.
More information about TrueCrypt v 7.0 is available here:
TrueCrypt Download Page:
Recently it was a news on SecurityFocus.com about massive DDoS attack by flooding CIA, PayPal and hundreds of other organizations website by requesting for connection over SSL as follow:
CIA, PayPal under bizarre SSL assault
Dan Goodin, The Register 2010-02-01
The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.
The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volSSL assault & my opinionunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.
“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’ Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”
Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.
It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don’t request any resources from the website or do anything else.
“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.
Security mavens aren’t sure what targeted sites can do to thwart the attacks. Changing IP addresses may provide a temporary reprieve. Adair asks those with better mitigation techniques to contact him. The Shadowserver advisory is here.
I do believe, there is another solution to address this kind of attack. As you are aware, the connection requests have been generated by bots, not the user’s browsers. Therefore, by detecting the type of browser we will be able to detect the bot requests. This kind of detection and mitigation is much easier to perform instead of changing IP addresses. This kind of feature should be added to the firewalls.