Information Security News
A key justification for last week's court order compelling Apple to provide software the FBI can use to crack an iPhone belonging to one of the San Bernardino shooters is that there's no other way for government investigators to extract potentially crucial evidence from the device.
Technically speaking, there are ways for people to physically pry the data out of the seized iPhone, but the cost and expertise required and the failure rate are so great that the techniques aren't practical.
In an article published Sunday, ABC News lays out two of the best-known techniques. The first one is known as decapping. It involves removing the phone’s memory chip and dissecting some of its innards so investigators can read data stored in its circuitry.
by John Timmer
Carbon nanotubes are small and can be semiconducting, which makes lots of people excited about using them as a replacement for features etched in silicon. But there are two big problems: the reactions that produce them create a random mix of metallic and semiconducting nanotubes, and it's really difficult to get them to go precisely where you need them to in order to properly wire up a processor.
Now, a joint IBM-academic team has used those difficulties to their advantage. They've developed a process in which nanotubes are used to randomly wire up part of a chip that's then used to generate cryptographic information, providing an inherently secure on-chip facility for hardware-based encryption.
Most digital cryptography depends on the ability to generate a unique series of bits that acts as a key. Hardware-based cryptography generally relies on a key that's permanently wired into the chip itself. While effective, different techniques for storing the keys have various vulnerabilities, from being subject to external snooping to producing different results when the environmental conditions are changed.
Linux Mint forum users, and anyone who downloaded and installed a copy of the 17.3 Cinnamon edition on Saturday have probably been compromised by hackers and need to take action immediately, the distro's creator has warned.
Clem Lefebvre, confirmed in a blog post that the "intrusion" had taken place over the weekend. He said: "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it."
He added that the resultant malware infection had only affected ISOs downloaded from the Linux Mint site on Saturday, February 20. "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition," Lefebvre said. However, by Sunday it was a different story, with Linux Mint confirming that its forums database had also been targeted in the hack of its systems.
ISC Handler - Freelance Security Consultant