Articles about RSA

Bear attack

What do you give a bear that wants to fork SSL? Whatever it wants!

Into a world already crowded with big name alternatives to OpenSSL, an indy project could look like “yet another SSL implementation,” but Vulture South suspects there are good reasons to take a close look at the just-launched BearSSL. One is that its author, Thomas Pornin, has ignored the kinds of legacy protocols that occupy …

Dell fire sales score US$5.4bn

Dell has filed the regulatory paperwork to confirm the sales of its software and services arms. Dell Software yielded approximately $2.425b of cash and Dell Services brought $2.990b through the door, a total of $5.415b. Dell bought Quest Software for $2.36b and bundled some of its other code into its software unit, so looks …
Simon Sharwood, 07 Nov 2016

DROWN-ing Xcode developer? Apple's thrown you a lifebelt

Apple has published security updates for Xcode, iCloud for Windows, and iTunes for Windows. Xcode 8.1 plugs holes the Xcode server inherited from Chrome, OpenSSL and node.js. Apple's announcement is here. There's a bunch of OpenSSL patches to start with: CVE-2016-0705 in OpenSSL is better known as the DROWN bug that let …

HMRC to create new compliance team focused on 'gig economy' workers

A new compliance team which will address the "risks" associated with the changing nature of employment is to be established within HM Revenue and Customs (HMRC). Financial secretary to the Treasury Jane Ellison confirmed the measure in a letter to Frank Field, the Labour MP who chairs the House of Commons Work and Pensions …
OUT-LAW.COM, 27 Oct 2016

EMC moves into Dell house: Where'd I put the spoons?

Comment We've learnt how the EMC organisation has been fitted into its new Dell house, at least at a top exec and product level, and here is an org chart set to show what we believe we know. At the top is Dell Technologies, and that's split into seven product area entities. Dell Client Solutions is the notebook and PC business unit. …
Chris Mellor, 21 Oct 2016

Crypto needs more transparency, researchers warn

Researchers at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely. The boffins also demonstrated again that 1,024-bit primes can no longer be …

Securing Office 365? There's always more you can do

Wherever you look there's yet another SME or enterprise migrating to Office 365. This says a lot for the attractiveness of cloud-based office suites, and perhaps it also says something about the attractiveness of letting someone else look after one's SharePoint and Exchange servers rather than having to fight with their …
Dave Cartwright, 06 Oct 2016

Google says it would have a two-word answer for Feds seeking Yahoo!-style email backdoor

Since word spread that Yahoo! backdoored its own email servers for US intelligence services, we've heard from rival webmail providers denying they have put in place similar arrangements. That Yahoo! has a cosy relationship with the Feds is not surprising, especially given what we know about PRISM and Section 702 of the Foreign …
Iain Thomson, 05 Oct 2016

Feds get sweet FA from Whisper Systems Signal subpoena

Open Whisper Systems – the secure messaging firm set up by respected crypto anarchist Moxie Marlinspike – has published the results of a federal subpoena and shown that the Feds got very little for their trouble. OWS builds Signal, the secure messaging and phone service that builds in end-to-end encryption and a host of other …
Iain Thomson, 04 Oct 2016

Dell considers Franken-products once it gets around to consolidation

A running gag in the HBO sitcom Silicon Valley points out that every other technology company has “making the world a better place” as its mission statement. Add Dell to that list: the leaders of the company's Asia-Pacific limb yesterday used more or less that mantra to explain the company's next moves. In a conference …
Simon Sharwood, 09 Sep 2016

Internet of Sins: Million more devices sharing known private keys for HTTPS, SSH admin

Millions of internet-facing devices – from home broadband routers to industrial equipment – are still sharing well-known private keys for encrypting their communications. This is according to research from SEC Consult, which said in a follow-up to its 2015 study on security in embedded systems that the practice of reusing …
Shaun Nichols, 07 Sep 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log into bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 02 Sep 2016

NSA's Cisco PIX exploit leaks

Cisco PIX firewalls can be made to cough up their VPN configurations and RSA private keys, allowing network eavesdroppers to decrypt secure connections. The NSA's Equation Group exploit code – leaked online this week – includes a tool called BENIGNCERTAIN that crafts and sends a special Internet Key Exchange (IKE) packet to …
Iain Thomson, 20 Aug 2016

Fortinet axes two per cent of workforce, chops 100 sales, ad staff, execs

Fortinet has laid off 100 sales and marketing staff along with an unknown number of executives, as part of a company-wide restructure that has axed about two percent of its workforce. The job losses flow from the company's acquisition of IT operations analytics outfit AccelOps in June 2016. Fortinet told The Register in a …
Team Register, 05 Aug 2016

Meet the chaps who run the Black Hat NoC and let malware roam free

Black Hat Neil Wyler and Bart Stump are responsible for managing what is probably the world’s most-attacked wireless network. The two friends, veterans among a team of two dozen, are at the time of writing knee deep in the task of running the network at Black Hat, the security event where the world reveals the latest security messes. …
Darren Pauli, 01 Aug 2016

I don't like Mondays, Pokemon, Twitter or Facebook – Sir Bob Geldof

RSA Asia Activist pop star Sir Bob Geldof hates Pokemon Go, Facebook and Twitter, has never bought anything online, and uses a Nokia 3100 which he says avoids the need for mobile security. The muso and Irish punk-now-pop icon took aim at the meaningless obsessions of the modern world during a …
Darren Pauli, 25 Jul 2016

Microsoft and pals re-write arms control pact to save infosec industry

Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document's terms are a threat to the information security industry. The pitch is the result of brainstorming by the group to redefine …
Darren Pauli, 21 Jul 2016

Asian nations mull regional 'Europol' in fight against cybercrime

RSA APAC A closed-door meeting of cabinet ministers from more than a dozen countries met yesterday to mull the creation of a Europol-style organisation to crack down on cyber crime in the region and abroad, The Register has learned. The Asian organisation is conceptual only, but has support from countries including China, Malaysia, …
Darren Pauli, 21 Jul 2016

VPN provider claims Russia seized its servers

VPN provider Private Internet Access (PIA) says its servers have been seized by the Russian government, so has quit the country in protest at its privacy laws. The company has sent an e-mail to users claiming some of its servers have been seized, even though the enforcement regime – in which all Internet traffic has to be …

The Great Brain Scan Scandal: It isn’t just boffins who should be ashamed

Special Report If the fMRI brain-scanning fad is well and truly over, then many fashionable intellectual ideas look like collateral damage, too. What might generously be called the “British intelligentsia” – our chattering classes – fell particularly hard for the promise that “new discoveries in brain science” had revealed a new …
Andrew Orlowski, 07 Jul 2016

EasyDoc malware adds Tor backdoor to Macs for botnet control

Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor. The software, called EasyDoc Converter.app, is supposed to be a file converter but doesn't do its advertised functions. Instead it drops complex malware onto the system that subverts the security of the …
Iain Thomson, 05 Jul 2016

Cracking Android's full-disk encryption is easy on millions of phones – with a little patience

Android's full-disk encryption on millions of devices can be cracked by brute-force much more easily than expected – and there's working code to prove it. Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing …
Iain Thomson, 01 Jul 2016

InfiniBand-on-die MIA in Oracle's new 'Sonoma' Sparc S7 processor

Oracle's Sparc S7 processor codenamed Sonoma will not feature on-chip InfiniBand interfaces as expected. The CPU, designed for scale-out systems and revealed in detail by The Register in August, was due to sport an integrated InfiniBand controller capable of shoveling 28GBit/s directly between the processor and other nodes and …
Chris Williams, 29 Jun 2016

Crooks abusing Facebook to offer credit card samples

Crooks are using social networks like Facebook to offer free samples of stolen credit cards. Facebook is “not proactive enough” in dealing with the threat, according to Daniel Cohen, head of anti-fraud service for RSA in Israel. A simple search of “cvv2” inside Facebook turns up several stolen credit card freebie sample …
John Leyden, 27 Jun 2016

On her microphone's secret service: How spies, anyone can grab crypto keys from the air

Discerning secret crypto keys in computers and gadgets by spying on how they function isn't new, although the techniques used are often considered impractical. A new paper demonstrates this surveillance can be pretty easy – well, easier than you might imagine – to pull off, even over the air from a few metres away. We all …
Iain Thomson, 04 Jun 2016

Life after Safe Harbour: Avoiding Uncle Sam's data rules gotchas

Back in the day I used to work for a multi-national company with a big presence in the US. I learned a lot there, from the usefulness of a BA silver card to how to run the tendering process for a big global WAN. I also learned what a big deal our US cousins make of their data export regulations. This doesn't mean, of course, …
Dave Cartwright, 01 Jun 2016

Quiet cryptologist Bill Duane's war with Beijing's best

AusCERT In March 2011, a suspected-to-be-Beijing-backed hacking unit infiltrated security giant RSA, successfully subverted its SecurID product and hacked top American defence contractor Lockheed Martin. That attack left Bill Duane stressed and exhausted. Duane is a quiet cryptologist who co-developed the SecurID token. As the …
Darren Pauli, 27 May 2016

Lie back and think of cybersecurity: IBM lets students loose on Watson

IBM is teaming up with eight North American universities to further tune its cognitive system to tackle cybersecurity problems. Watson for Cyber Security, a platform already in pre-beta, will be further trained in “learning the nuances of security research findings and discovering patterns and evidence of hidden cyber attacks …
John Leyden, 12 May 2016

DNS root zone key boost

The internet's DNS root zone is about to get more secure with the rollout of a 2048-bit zone signing key (ZSK), in place of today's 1024-bit RSA key. The change reflects a gradual increase in the digital security of this critical piece of internet infrastructure. With the recent introduction of DNSSEC, the 1024-bit ZSK now …
Kieren McCarthy, 09 May 2016

NIST readies 'post-quantum' crypto competition

Your mission, should you choose to accept it, is to help the National Institute of Standards and Technology (NIST) defend cryptography against the onslaught of quantum computers. It hasn't happened yet, but it's pretty widely agreed that quantum computers pose a significant risk to cryptography. All that's needed is either a …

Dell to change name to 'Dell Technologies'

Michael Dell has written to his staff to tell them that Dell will soon become known as “Dell Technologies”. Except for the bit of Dell that sells PCs, which will be called “Dell”, and the bit that sells to the enterprise, which will be called “Dell EMC”. Confused? Here's how Dell the man said it in his letter: “Dell …
Simon Sharwood, 03 May 2016

Colander-wearing Irishman denied driver's licence in Pastafarian slapdown

Ireland’s anti-discrimination quango has rejected claims that Pastafarianism is a religion after an Irishman insisted on wearing a colander for his driving licence photograph. Two followers of the church of the Flying Spaghetti Monster celebrated the first officially sanctioned Pastafarian wedding in New Zealand earlier this …
Joe Fay, 26 Apr 2016

RSA ransomware

Newly-detected ransomware called CryptoBit uses both AES and RSA crypto. PandaSecurity researchers Alberto Moro, Abel Valero, and Daniel Garcia say the ransomware uses AES encryption, then uses RSA encryption to encrypt the AES key. It's not all done perfectly: the trio say "we notice the absence of calls to the native …
Darren Pauli, 22 Apr 2016

EMC results: It'll all come out in the post-Dell deal wash

+Comment EMC saw many pockets of growth in its first fiscal 2016 quarter’s results but overall revenues declined because core legacy product revenues fell, as did RSA and the enterprise content business. These declines more than offset the impressive growth rates of newer products. In the EMC earnings call, CEO and chairman Joe Tucci …
Chris Mellor, 21 Apr 2016

VXers pass stolen card data over DNS

The NewPosThings malware has spawned an offspring that exploits the DNS protocol to sneak data past firewalls. The VXers have reasoned DNS has a couple of advantages for data exfiltration. Since the enterprise network can't talk to the Internet without it, it's unlikely to be blocked; and since it's probably thought of as more …

MIT boffins build AI bot that spots '85 per cent' of hacker invasions

Eggheads at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) claim they have trained a machine-learning system to detect 85 per cent of network attacks. To reach that level, the software, dubbed AI2 [PDF], parsed billions of lines of log files, looking for behaviors that indicate either a malware infection …
Iain Thomson, 18 Apr 2016

Intel's Broadwell Xeon E5-2600 v4 chips: So what's in it for you, smartie-pants coders

Intel today officially pulls the wraps off its mildly delayed Xeon E5 v4 server processors. These chips follow up 2014’s Xeon E5 v3 parts, which used a 22nm process size and the Haswell micro-architecture. Intel shrunk Haswell to 14nm, and after some tinkering, codenamed the resulting design Broadwell. Server and workstation …
Chris Williams, 31 Mar 2016

Confused by crypto? Here's what that password hashing stuff means in English

Cryptography is dead hard. But being conversant in the key aspects of cryptography – to the extent that you could even explain some of it to colleagues and management – puts you one step ahead of most. Here are five things that'll make you sound like you know what you're talking about. 1. Digital certificates The most common …
Dave Cartwright, 25 Mar 2016

What was all that about a scary iMessage flaw? Your three-minute guide

Watercooler – On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried? As it turns out: no. If you're even a little curious about cryptography and secure programming, though, it should interest and amuse you. On Sunday, the Washington Post learned that Apple had fixed a flaw in the …
Chris Williams, 23 Mar 2016

Your money or your life! Another hospital goes down to ransomware

Another US hospital has had its records scrambled by ransomware trying to extort money from the sawbones. This time: it's the Methodist Hospital in Kentucky that's been infected. "We've notified the FBI, we're dealing with federal authorities on how to deal with it," the hospital's chief operating officer David Park told local …
Iain Thomson, 23 Mar 2016

Infosec bods pop mobile money crypto by 'sniffing' e-mag radiation

Researchers have broken the encryption schemes used in mobile money transfers by “sniffing” electromagnetic radiation from smartphones. The work, by researchers from the Check Point Institute for Information Security at Tel Aviv University and the University of Adelaide, offers further evidence that TEMPEST-style side channel …
John Leyden, 17 Mar 2016

Secure email bods ProtonMail open signup floodgates to world+dog

Interview Secure email service ProtonMail has come out of beta and re-opened free registration to all for the first time in almost two years. Applications to join the invite-only service had been backed up almost since the day it launched, as the free encrypted mail service quickly reached its upper capacity of users and struggled to …

Dell plans sale of non-core assets to reduce EMC buy debt

Dell and EMC have agreed on the documentation to be put to the latter's shareholders at a forthcoming meeting that will vote on the merger of the two companies. And the document reveals that Dell plans to sell off some non-core businesses after the merger. The document in question is a Form S-4, one of the many regulatory …
Simon Sharwood, 15 Mar 2016

Polite, helpful? Stop it at once in the name of security

In this article I'm going to talk about the second most important aspect of being an IT manager or engineer. “The second?” I hear you cry. Yes, the second, because the most important aspect is terribly dull and doesn't take 800 words to describe: safety. (And if you think I'm mad, ask yourself whether you'd break down the door …
Dave Cartwright, 14 Mar 2016

Sexism isn't getting better in Silicon Valley, it's getting worse

Analysis In the technology field, many people like to think that they are at the forefront of human development, but it is becoming clear that the industry is failing when it comes to dealing with sexism against women. In January, a survey from Stanford University of women who'd spent at least ten years in the tech industry found that …
Iain Thomson, 09 Mar 2016

Cloud sellers who acted on Heartbleed sink when it comes to DROWN

Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects …
John Leyden, 08 Mar 2016

Bungling Seagate staffer leaked coworkers' social security numbers, other info to email fraudsters

Storage drive biz Seagate is lousy at keeping its own data safe: it accidentally handed over the crown jewels of its employees' private information to persons unknown. A Seagate employee was fooled by an email that masqueraded as an internal memo from the CEO: the message requested people's W-2 forms, and the worker duly …
Iain Thomson, 08 Mar 2016

Dell offers sweet, sweet, free honeypot tool to trap hungry hackers

RSA 2016 Dell SecureWorks duo Joe Stewart and James Bettke have created a free honeypot loaded with fake domain credentials in a bid to help admins trap and block attackers. The researchers built the Domain Controller Enticing Password Tripwire (DCEPT) tool designed to help organisations unmask hackers and shore up defences ahead of …
Darren Pauli, 07 Mar 2016

Snowden is a hero to the security biz – but not for the reason you'd expect

RSA 2016 This year's RSA conference was the busiest on record, with over 40,000 people cramming the halls (and later, bars) of San Francisco, and more than a few of them were raising glasses to NSA whistleblower Edward Snowden. "The Snowden effect has had an undeniable effect on the business," Pravin Kothari, CEO of cloud encryption …
Iain Thomson, 04 Mar 2016

French parliament votes to jail tech execs who refuse to decrypt data

The French parliament has voted in favor of punishing companies that refuse to decrypt data for government investigators – by threatening businesses with big fines and possible jail terms for staff. This comes amid the FBI's high-profile battle with Apple in the US to unlock a dead killer's encrypted iPhone. French deputies …
Iain Thomson, 04 Mar 2016