Security Review: Costco

By kurifodo at 9:13 pm on March 16, 2008

Summary:
In order to shop at Costco, one must have a membership and proof of that membership. When an individual purchases a membership at Costco, they and their spouse may use the membership at any Costco. Otherwise, no one else is allowed to use that membership. If you have ever been to Costco, you know that they check for membership cards at the door and when making purchases at the register. They do not, however, check the name on the membership against another ID to verify you are the person on the card. At the front door, they glance to make sure you have a card, so they do not ever examine the fine details at this stage.

Filed under: Security Reviews

Apple’s Hymn/FairPlay DRM

By imv at 9:12 pm

Summary

FairPlay is an encryption scheme (DRM) developed by Apple to prevent users from further distributing playable content to other users. It has been cracked numerous times in different ways to create unrestricted/unencrypted versions of the content. The technology has since been renamed “Hymn”.

Filed under: Security Reviews

Current Events: No need for jello, fingerprint USB sticks are easy to crack.

By jimg at 9:02 pm

No need to go to great lengths to try to spoof fingerprint scanners on USB sticks. You can just tell the device that the data is public. Researchers discovered this vulnerability in models from 9pay and A-Data fingerprint USB data sticks. The vulnerability lies in a fundamental design flaw: the signal to access the data comes from the PC, and is not computed on board the chip. This means all one has to do is send the correct signal and the stick happily discloses the data. This can be done with a very simple command from an open-source utility. The manufacturers commented, admitting they were aware of the vulnerability, but that it was difficult enough that most people wouldn’t figure it out. A fine example of attempted security through obscurity.

Filed under: Current Events, Privacy

Hundreds of Thousands of Web Pages Hijacked

By imv at 8:13 pm

McAfee noticed Wednesday an ongoing attack that modifies web pages to redirect traffic to another site in China. This site then infects PCs with a Trojan to steal personal information, including usernames/passwords for online banking. According to McAfee, “one gang” alone has infected about 12,000 sites, all over the globe. Apparently there may be different groups, because elsewhere in the article mention is made that hundreds of thousands of web pages have been compromised.

Filed under: Current Events

Security Review: Husky Cards with Smart Card Technology

By mstie74 at 7:23 pm

Summary

The Husky Card is a University of Washington student’s lifeline. It provides student identification, building access, public transportation, and access to monetary funds for use on and around campus.

Starting in 2009, the Husky Card will get an upgrade to smart card technology. This is in response to the local public transportation agencies’ ORCA (One Regional Card for All) project which implements an electronic fare system. Following implementation of this system, Regional Transit will no longer accept the current U-PASS stickers and will require smart cards.

Filed under: Security Reviews

Steam: The Content Distribution Platform for Games

By alpers at 7:17 pm

Within the last couple of years, Valve Corporation (of Half-Life fame) over in Bellevue designed and implemented a content distribution platform called “Steam” with the intent of distributing its games through a distributed network placed around the world. Their goal was three-fold: (1) make it simpler to roll out updates instead of forcing clients to manually download patches, (2) make a streamlined interface to purchase, configure, and use the games, and (3) cut out the middle-man (the publisher) and take the additional profit to implement Steam.

Filed under: Security Reviews

Virus laden hardware emerges

By mccoyt at 4:22 pm

While the idea of software viruses is by no means new to those who work with computers, a new vector of attack seems to be developing in the form of hardware shipped from the manufacturer that is already infected with malware. In the past few weeks, a set of digital peripherals, particularly USB picture frames and iPods, have been found to contain one or more malicious executables. With such a method of delivery, it seems that the security industry may need to rethink what can and cannot be considered secure.

 http://www.cnn.com/2008/TECH/ptech/03/13/factory.installed.virus.ap/index.html?iref=mpstoryview

Filed under: Current Events

Security Review: The Switch from IPv4 to IPv6

By diademed at 1:56 pm

The premise is, at some point in the future, it would be ideal for the internet to be using IPv6 as its main backbone, rather than the current IPv4. A discussion of the features and algorithms of IPv6 is beyond the scope of this review, but if you are unfamiliar with it, or have questions, Wikipedia has some good information. The target of this review is that hypothetical night when ISPs, whether all at once or one-by-one, shut off access to the internet via IPv4.

Filed under: Security Reviews

Security Review: iPhone

By duschang at 1:45 pm

iPhone offers lots of convenient functionality, such as phone, internet, music playback, etc., making it a communication powerhouse. However, it also opens up lots of new security risks. Since there is already a security review on iPhone 3rd party apps, I will focus on the iPhone itself.

Filed under: Security Reviews

M-Pesa: Banking via SMS

By davidjsh at 1:19 pm

I was recently informed about a rather interesting service that is being used in Kenya called M-PESA. According to their website, “M-PESA provides an affordable, fast, convenient and safe way to transfer money by SMS anywhere in Kenya. Through M-PESA you can:

  • Deposit money
  • Withdraw money
  • Transfer money (send) to another M-PESA customer
  • Transfer money (send) to someone who is not an M-PESA customer; in fact they need not even be a Safaricom customer
  • Buy Safaricom prepaid airtime
  • Manage your M-PESA account (i.e. show balance, call support, change PIN and change language).”

At first glance, I thought that the original intent of M-PESA was for buying and transferring airtime while financial transactions were just a side effect; however, according to the FAQ, M-PESA is intended to be “an innovative mobile payment solution that enables customers to complete simple financial transactions including person to person money transfer. It is aimed at mobile customers who do not have a bank account, either through choice, because they do not have access to a bank or because they do not have sufficient income to justify a bank account.”

Filed under: Miscellaneous, Security Reviews