Quote from Bruce Schneiers page : This presentation will show the first experimental implementation of an eavesdropper for quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The [...]

read full post »

In addition to the crypto algorithm of the GSM mobile telephony standard, security researchers have also cracked the encryption code for calls from cordless phones that are based on the widely used Digital Enhanced Cordless Telecommunication (DECT) standard. This was announced by members of the deDECTed.org project group at the 26th Chaos Communication Congress (26C3) [...]

read full post »

The malware coder who wrote the sniffer program used in the infamous TJX credit card heist has been jailed for two years. Stephen Watt, 25, from New York, was also order to spend a further three years on probation following his release. He was also ordered to pay $171.5m in restitution. Watts was part of [...]

read full post »

Die Internettelefonie über Skype galt eigentlich als sicher. Das dem nicht so ist, wurde im vergangenen Sommer bekannt. Der «SonntagsBlick» berichtete Ende August über Ruben Unteregger, der den Quelltext für einen entsprechenden Trojaner im Internet veröffentlicht hatte. Unteregger ist ein ehemaliger Mitarbeiter des Schwyzer Unternehmens Era IT Solutions . 2006 deckte die «SonntagsZeitung» auf, dass [...]

read full post »

Cryptographers have moved closer to their goal of eavesdropping on cellphone conversations after cracking the secret code used to prevent the interception of radio signals as they travel between handsets and mobile operators’ base stations. The code is designed to prevent the interception of phone calls by forcing mobile phones and base stations to rapidly [...]

read full post »

For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients’ networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from de­­fense to offense. And Mega-D–a powerful, resilient botnet that [...]

read full post »

A Romanian hacker who goes by the handle “unu” has struck again: This time, he demonstrated how a SQL injection vulnerability left personal information in the form of passports exposed on an Intel Website. Unu, who previously exposed SQL injection vulnerabilities in The Wall Street Journal and Kaspersky Lab’s Websites, this time focused on an [...]

read full post »

A former prison inmate has been ordered to serve 18 months for hacking the facility’s computer network, stealing personal details of more than 1,100 of its employees and making them available to other inmates. Francis G. Janosko, 44, received the sentence earlier this week in federal court in Boston after pleading guilty to the hacking [...]

read full post »

Ruben Unteregger aka Megapanzer demonstriert mit seiner Veröffentlichung, dass man auch die aktuelle Version der VoIP-Software Skype problemlos zum Abhören von Gesprächen missbrauchen kann. Der Programmierer arbeitete früher rund 7 Jahre für das Schweizer Unternehmen ERA IT Solutions und war dort für die Erstellung von Schadsoftware zuständig. Dem Unternehmen wird nachgesagt, dass sie auch im [...]

read full post »

Dear readers I used the time over christmas to work on the Skype trojan source code. The code was a little messy, it compiled but at some places it crashed. The old source was optimised for Skype 3 and about for a year now Skype 4 is spreading more and more. Therefore I decided to [...]

read full post »