Juergen Kreileder - Slashdot User

Submission + - Online backup services with severe security holes (heise-online.co.uk)

Submitted by

juct

on Friday May 23, 2008 @08:39AM

juct writes: "Online Backup is cheap, easy and because of strong encryption even secure. But hold on — even though service providers for online backup do encrypt data locally and secure the communication with the backup server via SSL there might be something missing. In a test heise Security found that four out of six tested backup clients did not do strong authentication. Because they did not check the certificate of the server, the heisec testers were able to mount a man in the middle attack. In two cases that gave them access to all the stored data, in the other two they were at least able to delete all backups."

Submission + - Build a Wi-Fi antenna using household materials (heise-online.co.uk)

Submitted by

juct

on Friday April 18, 2008 @10:07AM

juct writes: "Who'd have thought that a toilet-brush holder, of all things, would turn out to be an excellent WiFi antenna? heise online has a shows that you can achieve great results for little expense — and half an hour's work."

Comment Re:Encrypt everything. (Score 1) 309

by Juergen Kreileder on Saturday April 05, 2008 @01:49PM (#22973960) Attached to: ISPs Using "Deep Packet Inspection" On 100,000 Users

Underscores are not allowed in hostnames (RFC 952). Besides, it's an ugly solution and the URLs look like those used by phishers.

The subjectAltName option is nicer but some browser have problems with it.

Submission + - Secure USB sticks cracked (heise-online.co.uk) 1

Submitted by

juct

on Wednesday March 12, 2008 @12:26PM

juct writes: "Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending a single USB command — Command Descriptor Block — that changed the accessible partition. They found the vulnerability in the MyFlash FP1 from A-Data (USB-ID 1307:1169) and the 1GB Secure Card (USB-ID 7009:1765) sold by 9pay. The JetFlash 210 and 220 fingerprint sticks from Transcend use the chips in question and also provide access to the protected partition after transmission of a single USB command. The UT176 made by CySecure could also suffer from the same flaw, though they have not tested it yet."

Submission + - German Constitutional Court rejects spying on PCs (heise-online.co.uk)

Submitted by

juct

on Wednesday February 27, 2008 @01:05PM

juct writes: "Germany's Federal Constitutional Court has rejected provisions adopted by the State of North Rhine-Westphalia that allowed investigators to covertly search PCs online. This raises the bar significantly for plans of the German government for secret online seaches of PCs. In its ruling, the court creates a new right to confidentiality and integrity of personal data stored on IT systems; the ruling expands the current protection provided by the country's constitutional rights for telecommunications privacy and the personal right to control private information under the German constitution."

Submission + - Stealing PINs with a needle (heise-online.co.uk)

Submitted by

juct

on Wednesday February 27, 2008 @12:37PM

juct writes: "Serious flaws have been found in two widely used point of sale (EPOS) PIN entry devices examined by the University of Cambridge Computer Laboratory. The researchers found they could readily bypass the supposed tamper-proofing of both terminals and read transaction data using a paper clip and a needle. In their analysis heise Security at least partly blames "the continuing shift in liability for fradulent transactions from the card issuer to the merchant" which is likely to reduce the incentive to produce secure systems."

Submission + - Cult of the Dead Cow returns with Google hacking (heise-online.co.uk)

Submitted by

juct

on Wednesday February 20, 2008 @09:58AM

juct writes: "Google hacking is not really new — and neither were backdoors ten years ago, when cDc released Back Orifice. But like the latter Goolag Scan rubs salt into an open wound: "Private individuals, firms, and even governments are putting more and more stuff on the web, and nobody cares what it means for security", explained cDc member Oxblood Ruffin to heise Security. The tool makes it a matter of mouse clicks to find sensitive information, hidden backdoors or vulnerable servers. Its use might be illegal in some countries though."

Comment Re:Bad link (Score 1) 4

by juct on Monday February 18, 2008 @07:01PM (#22468720) Attached to: Cracking a crypto hard drive case

Ok -- I resubmitted with working links. I hope the editors don't mind. thanks, ju

Submission + - Cracking a crypto hard drive case (heise-online.co.uk)

Submitted by

juct

on Monday February 18, 2008 @06:53PM

juct writes: "An AES label alone does not ensure that your data are protected. heise examined a hard drive enclosure with an RFID key that is quite typical for lots of similar products. They found that the 128-bit AES hardware encryption claimed in adverts, was in fact a simple XOR encryption that they were able to break easily with a known plaintext attack. (Editors: resubmitted with correct links this time — sorry for the one I screwed up)"

Submission + - Cracking a crypto hard drive case (heise-online.co.uk) 4

Submitted by

juct

on Monday February 18, 2008 @02:55PM

juct writes: "An AES label alone does not ensure that your data are protected. heise examined a hard drive enclosure with an RFID key that is quite typical for lots of similar products. They found that the 128-bit AES hardware encryption claimed in adverts, was in fact a simple XOR encryption that they were able to break easily with a known plaintext attack."

Submission + - "Encrypted" hard drive enclosures simple t (heise-online.co.uk)

Submitted by Jono on Monday February 18, 2008 @01:39PM

Jono writes: Heise online UK is reporting that some USB hard drive enclosures advertising themselves as having "128-bit AES encryption" are trivial to crack. They give a list of some of the affected enclosures. There's the science of how they cracked them as well.

Submission + - Kernel Log: Linux-next to speed development work (heise-online.co.uk)

Submitted by

juct

on Saturday February 16, 2008 @08:40PM

juct writes: "Linux developers plan to collect new code for the next-but-one version of the Linux kernel in a special developer kernel, the aim being to improve coordination of subsystem maintainers' work."

Submission + - ISO specifies testing DVD lifetime (heise-online.co.uk) 1

Submitted by

juct

on Saturday February 09, 2008 @01:05PM

juct writes: "The International Standards Organization (ISO), the International Electrotechnical Commission (IEC), and the Optical Storage Technology Association (OSTA) have specified a testing procedure to determine the durability of blank DVDs. This means, that media manufacturers will soon be able to specify the probable lifetime of their DVDs. Full story on heise online"

Submission + - Dispute about images of Mohammed at Wikipedia (heise-online.co.uk)

Submitted by

juct

on Saturday February 09, 2008 @12:53PM

juct writes: "The iconoclasts are once again taking the foreground at the free online Wikipedia encyclopaedia. In an online petition, more than 90,000 Muslims demand that images of the Prophet Mohammed be deleted. The Wikipedia community refuses to do so. Full story on heise online"

Submission + - Linux developer switches to Windows Security team (heise-security.co.uk)

Submitted by

juct

on Tuesday January 22, 2008 @01:09PM

juct writes: "According to Microsoft, the company was able to win over the brains behind the AppArmor Linux security solution. From now on, Crispin Cowan will be working on User Account Control (UAC) and integrity levels."

Slashdot Top Deals