Archive for the ‘Cryptography’ Category

Improving Security On Solid State Drives

March 9, 2011 7 comments

This post was originally placed on my McAfee Blog – http://blogs.mcafee.com/corporate/cto/improving-security-on-solid-state-drives

Well, one week into the Intel/McAfee relationship and I am pleased to say it’s already bearing fruit. Over the last few days I’ve been reaching out to all my Intel peers, making the connections with people which were simply impossible while the deal was going through all the evaluations.

I had an interesting discussion with Knut Grimsrud in the Intel storage division today about “clever” things we can do to improve performance and security on the Intel SSD hard disks. Read more…

Decrypting messages 147 years late…

January 14, 2011 1 comment

Over the holiday break an interesting story broke re a US Civil War message being finally decrypted after 147 years. The message was in a bottle that had been stored in a Virginia museum since 1896, but had never been investigated. Finally in 2010 a curious collections manager, Catherine Wright, asked retired CIA codebreaker David Gaddy to crack it and see what it said.

The story of the message is interesting in itself, but what I wanted to share with you is how obscure the craft of codebreaking can be. Let’s start with a picture of the message so you know what we are dealing with here… Read more…

Speaking at “The Security Standard Conference”, NY on 13th September

August 4, 2010 Leave a comment

For those who follow me around, I’ll be speaking at “The Security Standard” on September 13th 2010. It’s only a short spot but I’ll be introducing some new information about McAfee’s unified DLP solution, and talking briefly about data protection regulations.

Two Gulf States to Ban some BlackBerry Functions

August 2, 2010 Leave a comment

Following on from a failed state-wide “hack” of the Blackberry system, where the state-controlled telco Etisalat tried to distribute a “performance enhancing patch” to Blackberry users (which turned out to be a state-controlled back door program), the United Arab Emirates is threatening to block e-mail sending and IM delivery on Blackberries, and Saudi Arabia is threatening to block Blackberry-to-Blackberry IM.

According to BBC News:

Both nations are unhappy that they are unable to monitor such communications via the handsets. This is because the Blackberry handsets automatically send the encrypted data to computer servers outside the two countries.

Read more…

New China encryption rules won’t pose headaches for U.S. Vendors?

This week, Jaikumar Vijayan at Computerworld posted an interesting article about new Chinese rules designed to control the import of non-domestic encryption products.

Many people have inferred that these new rules will mean products imported into China will be somehow compromised, or unsafe, because their details will have been released to the Chinese Government.

Nothing could be further from the truth. Read more…

Passware release Bitlocker/Truecrypt Decryption Tool

April 5, 2010 Leave a comment

Following on from my posts “10 Things You Don’t Want To Know About Bitlocker”, “TPM Undressed” and “Firewire Attacks Revisited”, it recently came to my attention that Passware, Inc., a feisty California company, has released a version of their forensic software which will decrypt Bitlocker and TrueCrypt protected hard disks via the classic Firewire vulnerabilities.

A full write-up can be found on the Passware site, but simply, given a machine that’s running, but has encrypted drives (for example one using Bitlocker in TPM-only mode, or a machine which is suspended, not hibernated). As to how to do it, well they have implemented the exploit in a very neat and usable way:

Read more…

NIST 800-111. Practical Advice for Data Protection Projects

February 26, 2010 1 comment

This week I want to take an opportunity to remind readers of the excellent NIST publication 800-111.

Yes, I know, another complex government-sponsored report, but 800-111, for those implementing any kind of data protection project, is one of the best reports on the subject, dealing with technology, practical use, and risk analysis. It’s really (for NIST publications anyway) a very good read.

The other reason to pay attention to 800-111 is, quite simply, that it’s the document regulations mention when talking about “Good Practice”, “Industry Standard processes”, “Accepted Best Practice” etc. This document contains the advice that you’ll be measured against if you ever end up in court defending your Security Policy against something like Massachusetts 201 CMR 17.00. Read more…