Computer Scientists Crack RSA's Ironclad Secure ID 800 Tokens [Security]

Source: http://gizmodo.com/5921325/computer-scientists-crack-rsas-ironclad-secure-id-800-tokens

If you're used to seeing a device like this on a daily basis, you probably assume that it's a vital security measure to keep your employer's networks and data secure. A team of computer scientists beg to differ, however— because they've cracked the encryption it uses wide open.

Ars Techinca reports how a team of European computer scientists leveled their sights at RSA's SecurID 800 encryption system, which is often regarded by large organizations to be an incredibly secure way to store the credentials needed to access confidential data. They managed to develop an approach that requires just 13 minutes to crack the device's encryption. Ars Technica describes how it works:

If devices such as the SecurID 800 are a Fort Knox, the cryptographic wrapper is like an armored car used to protect the digital asset while it's in transit. The attack works by repeatedly exploiting a tiny weakness in the wrapper until its contents are converted into plaintext. One version of the attack uses an improved variation of a technique introduced in 1998 that works against keys using the RSA cryptographic algorithm. By subtly modifying the ciphertext thousands of times and putting each one through the import process, an attacker can gradually reveal the underlying plaintext, D. Bleichenbacher, the original scientist behind the exploit, discovered. Because the technique relies on "padding" inside the cryptographic envelope to produce clues about its contents, cryptographers call it a "padding oracle attack." Such attacks rely on so-called side-channels to see if ciphertext corresponds to a correctly padded plaintext in a targeted system.

The same attack actually also works on plenty of other devices, including electronic ID cards carried by all Estonian citizens and a number of other security tokens provided by other companies, including the Aladdin eTokenPro and iKey 2032 made by SafeNet, the CyberFlex manufactured by Gemalto, and Siemens' CardOS.

The nature of the attack does require the hacker to have physical access to the token, but if access to a system is required, that doesn't seem like a deal breaker. According to the researchers RSA is aware of the compromise and is in the process of planning a fix. In the meantime, keep your eyes on you key fob. [Project-Team Prosecco via Ars Technica]

Image by EMC

Read More...

Summary only...

Vizio's Google TV box emerges as the Co-Star Stream Player, goes up for pre-order in July with OnLive gaming

Source: http://www.engadget.com/2012/06/26/vizio-google-tv-box-emerges-as-the-co-star-stream-player/

Remember the Vizio VAP430 Stream Player that we tried during CES? Half a year later, the Google TV hub is getting full launch details, just in time for Google I/O. Along with receiving the much more elegant title of Co-Star Stream Player, the set-top box now bakes in OnLive streaming game support -- the Co-Star could, in theory, replace a game console for any American with a good broadband connection. Whether or not playing Just Cause 2 on a TV is in the cards, the hub ticks all the 2012 Google TV checkboxes, including a hybrid keyboard and remote, 3D-capable 1080p video and DLNA media sharing. Before you rush to the local big-box store to pick one up, be warned that pre-orders don't start until July, and then only on Vizio's website. The $100 price, however, will make it considerably easier to wait.

Continue reading Vizio's Google TV box emerges as the Co-Star Stream Player, goes up for pre-order in July with OnLive gaming

Vizio's Google TV box emerges as the Co-Star Stream Player, goes up for pre-order in July with OnLive gaming originally appeared on Engadget on Tue, 26 Jun 2012 09:15:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

Read More...

Summary only...

Native Firefox Android browser adds speed, Flash, HTML5 and a fresh look (hands-on)

Source: http://www.engadget.com/2012/06/26/native-firefox-android-browser-adds-speed-flash-html5-and-a-fr/

After a brief stretch in beta followed by some vague teasing, Firefox's native Android app update is finally set to hit Google Play. While there are a raft of bells and whistles -- a new welcome page, curvy Australis tabs, Flash and HTML5 support, for starters -- it's the browser's newfound speed that is getting the MVP treatment. That rapidity is as good a place as any to start a quick hands-on, especially since the native browser lag on our older Galaxy S handset often makes us want to hurl it through a pane of glass. Mozilla claims it built Firefox to a new benchmark it developed called Eideticker, resulting in an overall browser experience twice as fast as the stock Android one. As advertised, initial loading is quasi-instant, and navigation, zooming and tab switching seemed smooth as well, even on the two-gen-old phone.

Feature-wise, preferences and other desktop settings imported easily with Firefox Sync's shared password system, and the unfortunately named "Awesome Page" is the new home screen shown above, from which it's fairly simple to launch your preferred sites. Flash and HTML5 generally displayed correctly despite a few minor rendering bugs, and the curved tabs and other design touches make it one of the more elegant Android browsers we've played with. Unfortunately, many sites display in full because they don't yet detect Firefox as a mobile app, but the installation of the Phony 3.2! add-in lets it impersonate other smartphone browsers, and it seemed to work well. We also didn't like that tabbed browsing now requires two taps to get to another page, unlike the previous version, but we imagine that was needed for the increased speed. Overall, Firefox is a welcome addition to the Android ecosystem -- we bet you're just as eager to start browsing as we are, so stay tuned for the app to hit Google Play later today, or jump past the break for a quick speed demo from the kind folks at Mozilla.

Update: The new version is now available at the source link below.

Gallery: Firefox for Android native browser hands-on

Continue reading Native Firefox Android browser adds speed, Flash, HTML5 and a fresh look (hands-on)

Native Firefox Android browser adds speed, Flash, HTML5 and a fresh look (hands-on) originally appeared on Engadget on Tue, 26 Jun 2012 09:30:00 EDT. Please see our terms for use of feeds.

Permalink   |  Google Play  | Email this | Comments

Read More...

Summary only...

Qualcomm to deliver Snapdragon SDK to Android developers

Source: http://www.engadget.com/2012/06/26/qualcomm-to-deliver-snapdragon-sdk-to-android-developers/

At this year's Uplinq conference, Qualcomm hit Android developers with some exciting news. In the coming months, the chip maker will deliver a Snapdragon software development kit (SDK) that will provide devs with access to the "next-generation technology and features" embedded in its processors. Through APIs, the kit will allow application architects to leverage facial processing, burst camera capture, surround sound recording, echo cancellation, sensor gestures, low power geofencing and indoor location capabilities. Initially, the SDK will only be available for the S4 8960 wafer, but Qualcomm hopes to include more models over time. Head past the break to have a gander at the full press release.

Continue reading Qualcomm to deliver Snapdragon SDK to Android developers

Qualcomm to deliver Snapdragon SDK to Android developers originally appeared on Engadget on Tue, 26 Jun 2012 11:29:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Em! ail this  | Comments

Read More...

Summary only...

What the Girl From That Google Chrome Ad Might Say to Her Ex [Video]

Source: http://gizmodo.com/5921126/the-girl-from-the-google-chrome-ad-has-a-lot-to-say-to-her-ex

Remember that Google Chrome ad where some guy named Mark is goes all-out to try to get a second chance with his ex, Jen? It's sweet enough to give you diabetes. But every story has two sides, and Jen's response—in this parody from UCB Comedy—paints a very different picture.

Below is the original video for reference (watch it first if you haven't seen it). As Shakespeare said, "The course of true love never did run smooth." That goes double when you can't pick up a phone and just call somebody. [UCB Comedy]

Read More...

Summary only...