Forgot your password?
typodupeerror

Submission Summary: 0 pending, 70 declined, 28 accepted (98 total, 28.57% accepted)

Microsoft

Submission + - MS hired a writer to change wikipedia content

Paid Blogger writes: "Seems like Microsoft wanted to pay a blogger in Australia to "fix" some inaccuracies in Wikipedia article on Open Document and OOXML. MS Spokeswoman Catherine Brooker said she believed the articles were heavily written by people at IBM Corp., which is a big supporter of the open-source standard. IBM did not immediately respond to a request for comment."
Security

Submission + - Competition to select a replacement for SHA-1

SHA who? writes: "In the light of recent attacks on SHA-1, NIST is preparing for a competition to select the next set of Hash Functions. The public competition will be much like the development process for Advance Encryption Standard (AES). As a first step in this process, NIST is publishing draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate algorithms, and requests public comment by April 27, 2007.
P.S. NIST has ordered the Federal Agencies to stop using SHA-1 and instead use SHA-2 family of hash functions."
Security

Submission + - Govt to use Full Disk Encryption on ALL computers

Saqib Ali writes: "To address the issue of data leaks from stolen or missing laptops, US Government is planning to use Full Disk Encryption (FDE) on all of the Government owned computers. On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The US Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the US federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to a end in 90 days. You can view all the vendors competing and list of requirements."

Submission + - So why not use full disk encryption on laptops?

Saqib Ali writes: "According to 2006 Security Breaches Matrix, large number of the data leaks were caused due to stolen/missing laptops. The mobile devices will be stolen or lost. But one way to easily mitigate the harm is to use Full Disk Encryption (FDE) on all mobile devices. So why don't we encrypt all our HDDs? Cost, and performance impact are the usual arguments.

Analysis shows that the access time increases by 56%-85% after FDE. As HDDs fills up the fragmentation increases and so will the file access time. With FDE, the swap file (system's virtual memory) gets encrypted as well. This will impact the system's performace noticeably when the virtual memory is being used more often.

Encryption key & password management blues follow. What happens when the user forgets his/her new FDE password? How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the users quits and does not hand over the password / encryption keys? Who can access the system and its encrypted files? How frequently does the password need to be changed? How to prevent the user from writing the passwords down? Using hardware token (RSA Token, smartcard etc) can alleviate many of the password management issues. But these hardware tokens are costly!

Cost for Full Disk Encryption solutions ranges from $0-$300.

My Question: Is it not worth using Full Disk Encryption on mobile devices after all the data leaks we have seen in the last few years?"

Slashdot Top Deals

Entropy isn't what it used to be.

Working...