Tag Archives: encryption

Britain’s Greatest Codebreaker – Alan Turing



German Enigma MachineGeeks in the UK may be interested in “Britain’s Greatest Codebreaker” on Channel 4 tonight (21 Nov) at 9pm. Described as a drama documentary, the programme follows the life of Alan Turing, the mathematical genius who was instrumental in breaking the German Naval Enigma code during World War II. His achievements were overshadowed by his homosexuality and two years after being convicted for gross indecency he committed suicide in 1954 aged 41.

According to the notes, the programme will feature “contemporary experts from the world of technology and high science, including Apple co-founder Steve Wozniak.

Set your PVR now.

(The notes also say that the programme will be available on 4oD shortly after transmission, but this is usually only available if you are in the UK or Ireland. 4oD is Channel 4’s on-demand Internet streaming service.)


ToughTech Secure Q with WriteLock Review



External hard drives are a dime a dozen, so when I was give the opportunity to review a ToughTech Secure Q with WriteLock 128 Bit AES Encrypted Hard Drive Enclosure by WiebeTech I jumped on it. I consider a great deal of data that I have on my hard drives to be very sensitive. We have vendor contracts, proposals, user data that includes media statistics and a whole host of other material from running a business that would be very damaging if the data was stolen and ended up on the web or in someone possession.

The standard feature set on this drive is extensive. The unit I tested supported both windows and mac disk formats. I had mine delivered pre-formatted for a mac. The connection options included Firewire 800, 400 eSata and USB 2.0. All of the cables need to make those connections where included.  It came with a slot for a cable lock which allows you to provide another level of security to keep the drive from easily walking off.

I have used secure hard drives in the past that required a thumb print to unlock and access, but this drive is different. This drive actually come with a 128 Bit AES key. The key comes attached to a lanyard or key chain and you have to physically plug the key into the specified slot to unlock the drive “no key no access”.

The manufacture at wiebetech.com provide you with 3 encryption keys that cannot be re-keyed without additional hardware. So forewarning is in order you loose the key provided your data will no longer be accessible. For business owners one key should go in the safe/safety deposit box, and the others should only be maintained by those you trust implicitly.

One of the best features is the ability to write lock the drive. Lets say you pre-load it with forms and data and you do not want this data changed on the drive in any way. There is a write lock button that once pushed locks the drive down.  If you want to re-enable write access you have to open the enclosure to unlock the drive.

Overall this is a great solution for small business owners that are storing sensitive information that they feel may be at risk from compromise in your office setting. They do have AES 256 bit devices available but due to federal guidelines for selling FIPS approved 256bit encrypted products they are restricted in sales of 256bit products to only approved channel partners.  128bit is available on their website.

Pricing was not readily available on the web site. If your looking for hard drive encryption this is the way to go.  This is a great way to secure that sensitive data you have sitting on a unsecured hard-drive. My advice is buy two units so you also have a backed up copy stored securely.

 


British Schizophrenic Jailed for Encryption



Britain has some of the most draconian security laws of the “free” world.  Many of these laws are brought in under the guise of fighting terrorism and paedophiles (which are always guaranteed vote winners) and of course, if you’ve nothing to hide, you’ve nothing to worry about.

Unless you’re an schizophrenic amateur scientist with a distrust of the authorities and you refuse to hand over the encryption keys (passwords) to your USB memory sticks.   That’ll cost you an initial 13 months in jail followed by detention in a secure mental unit at Her Majesty’s pleasure.

Ok, so the case is slightly more complex but the heart of the matter is that this person had done nothing wrong before he was detained by police returning to the UK from France on suspicion of terrorism because he had a model rocket, though the rocket was without its explosive motor.  From that point on, it was a downward spiral.

And how many terrorists and paedophiles have been sent to prison using the same law.  Zero.

The whole sorry tale is at The Register.


Lost Hard Drive Contains 23,000 Social Security Numbers



Students, faculty, and staff at seven campuses of the California State University (CSU) system are at risk for identity theft after a hardware technician improperly disposed of a computer hard drive with unencrypted database tables that included Social Security numbers and other personal details. The CSU is required, under California law, to notify all affected parties.

The law, which went into effect last year, requires notification whenever personal data, such as Social Security numbers, driver’s license numbers or credit card numbers (with identification numbers) have been accessed without authority.

The university system’s hard drive has been missing since Friday, June 25th. The technician left the drive laying on a worktable after upgrading the computer from which it came. In a rush to start the weekend, the drive wasn’t properly secured, and come Monday, there was no sign of it. The drive was most likely picked up by the evening cleaning crew; however, the results of a police investigation was inconclusive.

Dave’s Opinion
Hard disks, like portable media, must be completely destroyed before being discarded. Using a security data deletion (wiping ) program such one that comes with the PGP data security program, would have prevented the data being recovered, even if the drive were reused.

Call for Comments
What do you think? Leave your comments below.


The Big Gorilla Project



Spam is an ever-increasing annoyance for e-mail users. Most people have some form of spam filtering application that reduces the instances of the frequently offensive unsolicited commercial messages. Many of these filters seek to identify spam based on the address from which the message is sent, but spammers are already wise to this trick, and spoofing is now commonplace. By hiding or misdirecting their transmission source, spammers make it exceedingly difficult for most users to determine from where the spam message actually came.

But there’s some hope for spammer identification. An loose alliance formed by large e-mail services (Microsoft, Yahoo, America Online, and Earthlink), the Anti-Spam Research Group (ASRG), and Intelligent Computer Solutions (ICS) is working on an e-mail sender-authentication system that’s been dubbed the Big Gorilla Project.

Using an identification system based on public key encryption, ISPs who have control over outgoing e-mail can include a piece of encrypted code in header of each outgoing message. The code snippet can be used by receiving ISPs to confirm the identity of the outgoing e-mail server and the authenticity of the e-mail message’s return address.

By confirming the identity of the transmission site, it’s a simple matter to blacklist and block known offenders.

Dave’s Opinion
I use a combination of anti-spam filtering applications, both on our incoming mail servers and our client workstations. So far I’ve been able to drop my daily spam tally from over 600 messages to about a dozen, maybe double that on a bad day. But that’s still not good enough. It’s not just receiving junk mail that bothers me, it’s the offensive content.

I’m all for proposals, both legislative and technical, that help kill off spam.

Call for Comments
What do you think? Leave your comments below.

References
Anti-Spam Research Group
Intelligent Computer Solutions