disco-tech | Discovery Institute's Technology Blog: Security Archives

February 22, 2008
Stealing encrypted data

Researchers at Princeton have figured out how to crack encrypted files stored on a computer's hard drive, according to the New York Times.

“Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power,” Edward W. Felten, a Princeton computer scientist, wrote in a Web posting. “Just put the chips back into a machine and you can read out their contents.”

This technique -- which enabled the researchers to retrieve encryption keys from DRAM chips -- can't be carried out remotely via the Internet or a WiFi connection; it works only if your computer is stolen or seized.

One way to look at this is to lament that one can't be sure anything stored on one's computer is safe. But that's pessimistic -- a bit like lamenting that no one can build a ship which can't sink or a vehicle which can't be stolen. Just as it is true that any secret code can be broken, it's equally true there's no limit on the complexity or redundancy one can add to secret codes to make them harder to compromise. Microsoft and Apple suggest how to protect one's personal files in case one's computer is stolen or seized:

Austin Wilson, director of Windows product management security at Microsoft, said the company recommended that BitLocker be used in some cases with additional hardware security. That might include either a special U.S.B. hardware key, or a secure identification card that generates an additional key string.

The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered.

An Apple spokeswoman said that the security of the FileVault system could also be enhanced by using a secure card to add to the strength of the key.


November 18, 2005
Spyware legislation advances in Senate

The Senate Commerce Committee approved a modified version of S. 687, a bill sponsored by Senator Conrad Burns (R-MT) and Senator Barbara Boxer (D-CA) which would target a variety of malicious practices that include: computer hijacking, spam zombies, endless loop pop-up advertisements and fraudulent software installation. A similar measure (H.R. 29) introduced by Rep. Mary Bono (R-CA) and Rep. Ed Towns (D-NY) has passed the House. The House has also approved H.R. 744, by Rep. Bob Goodlatte (R-VA) and Rep. Zoe Lofgren (D-CA), which addresses criminal penalties and prosecutorial tools related to spyware.

Spyware legislation is beneficial because it will promote consumer awareness and assist law enforcement. But technological solutions to the problem may ultimately prove more important. The industry is working on a number of solutions and requires flexibility to respond to evolving challenges. Lawmakers in both the Senate and House appear to be fully conscious of the danger of unintended consequences from legislating in this area. If the legislation's aims and means are too expansive or are not described with optimal clarity, for example, not only could it kill promising technological solutions but it could also ensnare legitimate applications and services that will make the use of computers more simple and secure for ordinary Americans.

Ratify the Cybercrime Convention

It is already against the law in the U.S. to interfere with someone else's computer or commit traditional crimes with the aid of a computer. However, many countries have gaps in their criminal laws governing computer-related crimes and have become havens for cyber-criminals. Another problem is that electronic evidence of crime is difficult for law enforcers to locate and secure when it crosses borders. A treaty is awaiting final Senate approval that would fully criminalize computer-related offenses in other countries and require each country to have the power to quickly preserve and disclose stored computer data, to compel the production of electronic evidence by ISPs, to search and seize computers and data, and to collect traffic data and content in real time. These evidence-gathering and surveillance powers are already provided for under U.S. law.

The Convention on Cybercrime has been criticized on the ground that it could allow a foreign country to collect evidence or eavesdrop in the U.S. -- on who knows what? -- via "mutual assistance." But the evidence-gathering and surveillance powers are subject to conditions and safeguards under domestic law that protect civil liberties, such as the First Amendment.

The Senate should ratify the treaty, which will promote an international minimum baseline in computer-related criminal offenses and law enforcement tools.
