Gutting and solving the heart of the cards at Def Con 21

While Def Con packs more events, workshops, and contests than the storage space of a ZIP drive, one of the longest lasting traditions revolves around the mysteries of the conference badge, itself.

This year, Def Con celebrates its 21st birthday with a card-themed cryptographic challenge based on the standard playing card deck -- except this is no ordinary card deck.

Attendees of Def Con 21 are all given custom badges, which are actually elegantly fabricated PCB boards complete with delicately carved copper contact points, mathematical constants, binary numbers, Chinese characters, and more.

In an improved and renewed focus on social … Read more

SIM card flaw said to allow hijacking of millions of phones

A vulnerability on SIM cards used in some mobile phones could allow malware infection and surveillance, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, Nohl warned.

"We can remotely install … Read more

Medieval book in unknown language contains message

It has stumped code breakers, language experts, and mathematicians. The mysterious medieval book known as the Voynich Manuscript was written in a script that no one can understand and has drawings of plants that don't exist.

But the latest study of the 15th-century text known as "the world's most mysterious manuscript" concludes it may contain "a genuine message."

Statistical analysis of the script by researchers including a University of Manchester physicist shows its overarching semantic structures reflect those that appear in real languages. That suggests it is not a hoax as some have said. … Read more

The 404 1,251: Where we find the cipher in the sound (podcast)

Leaked from today's 404 episode:

- Did 4chan just find the Boston Marathon bomber?.

- 4chan's Boston bombing Google Doc culls photos, speculation, and accusations.

- Internet tough guys and girls already pointing fingers at the Middle East. Response: "Please don't let it be a Muslim."

- Beating conspiracy theorists at their own game.

- Using Microsoft Photosynth to recreate a panoramic photo of the bombsite.

- Encode hidden messages in your Facebook pics with "Secretbook" extension.

- Demonic portraits and other evils lurking beneath waves of musical spectrograms.… Read more

Code crackers break 923-bit encryption record

Before today no one thought it was possible to successfully break a 923-bit code. And even if it was possible, scientists estimated it would take thousands of years.

However, over 148 days and a couple of hours, using 21 computers, the code was cracked.

Working together, Fujitsu Laboratories, the National Institute of Information and Communications Technology, and Kyushu University in Japan announced today that they broke the world record for cryptanalysis using next-generation cryptography.

"Despite numerous efforts to use and spread this cryptography at the development stage, it wasn't until this new way of approaching the problem was … Read more

Hall of fame adds inventors of digital camera, barcode

The inventors of the digital camera, the industrial robot, public-key cryptography, and the barcode are just some of those being inducted into this year's National Inventors Hall of Fame.

Today, the National Inventors Hall of Fame announced its latest selections of the people responsible for some of the key technologies that we use and rely on today.

In 1975, a Kodak engineer named Steve Sasson built a device that was able to capture an image, convert it to an electronic signal, and then digitize and store that image, leading to the world's first digital camera, according to the … Read more

How public-key crypto was born

Public-key cryptography is widely used to secure online transactions. The math behind the technology was devised by U.K. Government Communications Headquarters scientists in the late 1960s and early 1970s.

The discovery was kept secret to avoid revealing how closely GCHQ was working with the U.S. National Security Agency at the time. The breakthrough by GCHQ scientists James Ellis, Clifford Cocks, and Matthew Williamson only came to light in 1997, when their work was declassified.

In public-key cryptography, data is encrypted using a widely distributed public key, and can be decrypted using a private key. Cocks, the GCHQ mathematician … Read more

Quantum crypto cracked, researchers say

Researchers at Norwegian and German institutes claim to have successfully cracked the quantum cryptography equipment used to cloak highly sensitive communications by banks and defense agencies.

The researchers said they had remotely controlled the photon detectors used in commercially available photodiode quantum cryptography systems. This allowed them to eavesdrop on communications, the researchers said.

"The security of quantum cryptography relies on quantum physics but not only [on that]...It must also be properly implemented," said Gerd Leuchs of the University of Erlangen-Nurnberg in a statement Sunday (PDF). "This fact was often overlooked in the past."

Read … Read more

How one company stays safe with two networks

At Cryptography Research, the key number is two. There are two separate computer networks, two different systems on every employee's desk and twice the normal number of servers storing data.

To keep hackers out of the network the company runs disparate and unconnected networks--an A network for sensitive data and core engineering work that is not connected to the Internet, and a B network used for e-mail, Web surfing and other Internet activities.

"We built the networks out at least 10 years ago as soon as we started getting really sensitive client data," said Paul Kocher, founder … Read more

Want really secure Gmail? Try GPG encryption

Perhaps Google's announcement that Chinese cyber attackers went after human rights activists' Gmail accounts has made you skittish about just how private your own messages are on the Google e-mail service.

Well, if you want to take a significant step in keeping prying eyes away from your electronic correspondence, one good encryption technology that predates Google altogether is worth looking at. It's called public key encryption, and I'm sharing some instructions on how to get it working if you want try it.

Unfortunately, better security typically goes hand in hand with increased inconvenience. But some human rights … Read more