http://cordney.com security, technology, life Wed, 01 Oct 2008 18:49:56 +0000 http://backend.userland.com/rss092 en Überrascht, nein - besser überrumpelt, stand ich letzte Woche vor dem Geldautomaten meiner Bank. Denn vor dem Kartenlesegerät des Automaten war ein zusätzliches Gerät angebracht mit einem grünen Schloss-Symbol darauf (Bild s.u.). Aufgrund der vielen Manipulationen an Geldautomaten in letzter Zeit ist man natürlich vorsichtig geworden, also holte ich die ... http://cordney.com/2008/10/01/banken-wehren-sich-gegen-skimming-angriffe/ In a practical course this summer term the task was to implement the twofish block-cipher, a former AES candidate, on an embedded device, a smart card with an ATMega163 microcontroller on board. A prize was promised for the team that has the best performance based on clock cycles per key ... http://cordney.com/2008/07/16/we-made-third-or-twofish-on-a-smart-card/ ..aber interessante Zahlen! So könnte man den heutigen HGI-Vortrag zusammenfassen. Zu Gast war der Chef der Security Labs der G DATA Software AG, einem in Bochum beheimateten IT-Sicherheits Softwarehaus, das für Privat- und Geschäftskunden u.a. Anti-Viren Software anbietet. Das Thema des Vortrags "Schadcode im Internet" wurde zu Beginn gleich in "Schadcode ... http://cordney.com/2008/06/05/im-westen-nichts-neues/ Getting non-standard hardware to work is not that easy. The first thing you'll do is searching the internet for devices reported to work flawlessly with Mac OS X. This came up on me when looking for compatible Smart Card Readers. This is just an example for this "finding the needle ... http://cordney.com/2008/05/21/smart-card-readers-for-mac-os-x/ While setting up a simple VPN with OpenVPN I had to get a Leopard compatible version of Tunnelblick, a GUI openVPN client. Unfortunately the maintainer had some trouble getting it to work with Leopard and the latest version is still very buggy. Luckily someone from the Mozilla dev team fixed ... http://cordney.com/2008/05/14/tunnelblick-for-leopard/ from the system log: :) http://cordney.com/2008/05/14/apple-developers-definitely-have-a-sense-of-humor/ This is a paper I wrote for one of my courses at university. From the abstract: In this paper we determine the security of user passwords on Linux based operating systems. We have a look at the two basic security mech- anisms passwords are created and stored using a reference Linux distri- ... http://cordney.com/2008/04/25/paper-on-the-security-of-linux-user-passwords/ Dealing with all these new technologies like e-passport, the e-healt card, voting machines etc, I strongly encourage extending the 4 primitives of cryptography (and data security, from my point of view): traditional primitives of cryptography: confidentiality authenticity integrity non-repudiation proposal of an extension to the 4 primitives: privacy non-traceability non-linkability http://cordney.com/2008/04/21/extending-the-4-primitives-of-cryptography/ As we are dealing with e-passports in one of our courses, we got to read some very interesting and quite shocking literarure. I highly recommend everyone to read these ones: 1. The Evolution of RFID Security (take this as an introduction to RFID in general), link 2. Protection Profile for Machine Readable Travel ... http://cordney.com/2008/04/21/literature-on-e-passports/ The TrueCrypt team just introduced version 5.0 of it's disk encryption software. It now supports pre-boot authentication to get full disk encryption. Mac OS X is supported for the first time, so you can have full disk encryption on your Mac as opposed to Apple's FileVault implementation, which only encrypts ... http://cordney.com/2008/02/06/truecrypt-for-mac-os-x-just-released/