M32 Security » data security

Laptop stolen from MoD with encryption key that could open highly sensitive files

Kyle — Mon, 14 Dec 2009 04:03:16 +0000

The Sun and now the BBC have reported that a laptop used by a high-ranking RAF Officer at the UK’s Ministry of Defence was stolen in late November; possibly much more recently that included an encryption key with the potential to open highly sensitive files. The laptop was said to be stolen from a highly secure area has arisen fears that a mole is operating within the Ministry. If the severity of the breach is as serious as has been reported, this could be be one of the largest breaches of data security in a very long time.

It is not known if the laptop in question has been secured with disk encryption or any other type of techniques used in attempt to keep data from unauthorized parties.

As of writing this, the MoD has been bluntly quiet on the incident saying only that “An investigation is ongoing.”

Heads up to The Spy Blog UK for highlighting this

Tags: Breaches, data security, disk encryption, late november, ministry of defence, mole, raf officer, sensitive files, severity, unauthorized parties

IBM Creates Algorithm For Fully Homomorphic Encryption

Kyle — Sun, 04 Oct 2009 05:22:45 +0000

IBM has claimed that it has made a breakthrough in data security that could potentially usher in a new era of manipulation of sensitive encrypted data without revealing what the data actually is. The idea isn’t new, Ronald Rivest (the R in RSA) thought it up thirty years ago; thinking it to be too infeasible to ever implement. The future implications on data security are very promising to say the least.

Read the whole story over at SmartPlanet

Tags: Algorithm, breakthrough, data security, encrypted data, Encryption, Homomorphic, IBM, manipulation, new era, Ronald Rivest, RSA, SmartPlanet, thirty years

SHA-1 hash collision predicted within the year

Kyle — Wed, 17 Jun 2009 03:02:41 +0000

Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:

A new attack can, at least in theory, find collisions in 2⁵² hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.

This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.