News in the Category "Articles"
Page 20 of 20
Windows NT Security Under Fire
Listen to security expert and consultant Bruce Schneier and he’ll tell you that Windows NT’s security mechanism for running virtual private networks is so weak as to be unusable. Microsoft counters that the issues Schneier points out have mostly been addressed by software updates or are too theoretical to be of major concern.
Schneier, who runs a security consulting firm in Minneapolis, says his in-depth "cryptanalysis" of Microsoft’s implementation of the Point-to-Point Tunneling Protocol (PPTP) reveals fundamentally flawed security techniques that dramatically compromise the security of company information…
Crypto Flaw Found in Microsoft Net Product
MINNEAPOLIS—A computer security expert will announce today that he has found a flaw in Microsoft Corp.’s implementation of a communications protocol used in many virtual private networks.
Bruce Schneier, president of Counterpane Systems here, said Microsoft’s implementation of the point-to-point-tunneling protocol will lead to compromised passwords, disclosure of private information and server break downs in virtual private networks running under Windows NT and 95.
"Microsoft’s implementation is seriously flawed on several levels," said Schneier. "It uses weak authentication and poor encryption." For example, he said Microsoft employed users’ passwords as an encryption key instead of using other well-known and more secure alternatives…
Keeping Secrets in the Digital Age
Used with permission
As the world goes digital, encryption standards become more important.
Even those who don’t use the Internet are affected by security in the online age—everything from bank account and medical information to credit card numbers and transactions requires some form of coding to protect it from prying eyes.
Yet all is not well—with each new standard comes crackers to break it. And, at the other end, governments—particularly that of the United States—are trying their darndest to ensure that encryption technology doesn’t get too powerful. After all, they reason, if encoding techniques become too good, crooks can use them to subvert society…
Common Sense Crypto
When Thomas Paine published Common Sense in 1776 – arguing that the American cause was not merely a revolt against unfair taxation, but a demand for independence – he had no idea that more than 200 years later, the struggle for freedom would be waged between privacy advocates and the national-security establishment. This time, the dispute is over not taxation without representation, but communication without government intervention.
One of today’s crypto revolutionaries is Bruce Schneier, the neatly dressed, ponytailed author of Applied Cryptography…
Cellular Can Be Cracked
A few minutes work on a computer can break the codes that are supposed to protect new digital cellular phone technology from eavesdroppers, a team of researchers said Thursday. The cellular phone industry claimed the impact on users would be “virtually none,” since engineers were working to strengthen the encryption and since a separate code that scrambles voices was not broken.
The Cellular Telecommunications Industry Association also denied that its codes could be broken so easily.
"It involves very sophisticated knowledge," an association statement said. "The announced attack requires multiple minutes—up to hours—of high speed computer processing to break the coded message."…
WirelessNOW Exclusive—Extra Edition
used with permission
In 1992, the wireless industry adopted an encryption system that was
deliberately made less secure than what knowledgeable experts recommended
at the time. It was accepted by the industry because it was a standard that
would meet federal export regulations and would enable digital cell phone
manufacturers to make one phone that could be sold in either the US or
abroad, thus saving money.
As a result, the potential for eavesdropping has always existed and,
some say, has been waiting for criminals with advanced techniques to…
Security Experts to Reveal Cell Phone Flaw
A group of prominent cryptographers will announce today that they have discovered a hole in the privacy protection in next-generation digital cellular telephones. The new phones were supposed to be far more secure from eavesdropping and fraud than the analog phones used by most mobile-phone customers today. But Bruce Schneier, a well-known expert on code breaking, and other researchers have found a way to easily monitor any numbers dialed on a digital phone, such as credit card numbers or passwords. In addition, they say, voice conversations can easily be deciphered. The findings could be a setback for the telecommunications industry, which has touted the security features of the new digital cellular and PCS systems…
Computer Scientists Break Cellular Phone Privacy Code; Team's Effort Deals Setback to Industry
Computer scientists have broken a crucial code that protects the new generation of cellular phones from certain kinds of eavesdropping.
The news is a blow to those who would promote digital cellular telephones as highly secure systems, said Bruce Schneier of Minneapolis-based Counterpane Systems, one of the cryptographers who broke the code.
Breaking the code takes just minutes on a powerful desktop computer, Schneier said.
Schneier and his colleagues, John Kelsey of Counterpane and David Wagner from the University of California-Berkeley, said they broke one of three encryption systems used in the new generation of digital cellular phones. It is the scrambler that keeps eavesdroppers from being able to hear the signals sent from a telephone to the network, and is important for concealing any message punched into the telephone’s keypad. This includes access codes for using long-distance cards, entering credit card numbers, voice mail codes and more…
Code Set Up to Shield Privacy Of Cellular Calls Is Breached
Excerpt
A team of well-known computer security experts will announce on Thursday that they have cracked a key part of the electronic code meant to protect the privacy of calls made with the new, digital generation of cellular telephones.
…
These technologists, who planned to release their findings in a news
release on Thursday, argue that the best way to insure that the strongest
security codes are developed is to conduct the work in a public forum. And
so they are sharply critical of the current industry standard setting
process, which has made a trade secret of the underlying mathematical…
Sidebar photo of Bruce Schneier by Joe MacInnis.