Archive for Hardware
Author: Dave Lewis
March 20, 2008 at 11:50 am · Filed under App Security, Hardware, Politics
OK, this is an odd story developing out of New Jersey. Ed Felton from Princeton has received a thinly veiled threat from the manufacturer of an e-voting machine, Sequoia Voting Systems. The state of NJ had apparently made it known that they were going to furnish Ed with one of the machines to test as they had concerns with it. Now, I’m no fan of e-voting. That whole lack of an audit trail makes me squeamish. Call me old fashioned. Things turned strange when an email was sent to Felton from the vendor. Here is a reprint from Felton’s site in case it happens to get taken down.
Sender: Smith, Ed [address redacted]@sequoiavote.com
To: felten@cs.princeton.edu, appel@princeton.edu
Subject: Sequoia Advantage voting machines from New Jersey
Date: Fri, Mar 14, 2008 at 6:16 PM
Dear Professors Felten and Appel:
As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.
Very truly yours,
Edwin Smith
VP, Compliance/Quality/Certification
Sequoia Voting Systems
Interesting reaction.
Article Link
Author: Dave Lewis
March 6, 2008 at 8:18 am · Filed under Hardware, Vendor News
Green you say?
From Silicon dot com:
Microsoft chief executive Steve Ballmer has claimed that more efficient use of IT is one of the company’s main priorities for the future, despite the fact the company has been widely criticised for producing processor-hungry software.
Speaking at the CeBit technology show in Hanover, the Microsoft boss described how the software maker is collaborating with German nuclear power provider Yello Strom. Yello Strom’s managing director Martin Vesper demonstrated a “Yello-saving counter” - a Vista widget that lets consumers monitor their home power via a PC.
Ballmer explained PCs and other technology still consume far too much electricity. He said: “The lowering of energy consumption is as important for us as new uses of software and IT for the environment.”
And a great deal of this is due to the requirements that are needed to run Vista in the first place. Throwing a can of paint on Vista will not make it green.
Article Link
Author: Dave Lewis
March 4, 2008 at 8:52 am · Filed under Data Security, Hardware
From Computerworld:
USB flash drives are very small, very portable, very convenient — and very easy to lose. In fact, the question to ask these days isn’t how to avoid losing your flash drive, but how to make sure your data is safe when you do. As a result, Computerworld decided it was time to look at seven USB flash drives that are outfitted with security features to keep your data safe.
We did what most IT managers and users would do and asked some of the top vendors for their most secure USB flash drives. All but one of these products use some form of the Advanced Encryption Standard (AES) encryption, either 128-bit or 256-bit (according to experts, there’s not much of a difference between 128-bit and 256-bit levels of AES encryption for ordinary purposes, as neither has yet been broken).
There was some variation in the implementation of the encryption on these drives — some use AES keys derived from a user’s password, while others use encryption keys generated by a hardware-based random number generator.
Our three reviewers — Bill O’Brien, Rich Ericson and Lucas Mearian — did not test the encryption algorithms themselves (that’s a subject for another article), but did test the drives’ performance, I/O rates, and CPU utilization.
Read on for the full piece. (thx. Ben)
Article Link
Tags: Secure Storage, Secure Data, Data Security, USB Drives
Author: Dave Lewis
February 29, 2008 at 1:05 pm · Filed under Crime, Hardware
Just in.
From the Standard:
U.S. and Canadian law enforcement authorities have seized more than US$78 million worth of counterfeit Cisco Systems networking equipment in an ongoing investigation into imports from China, the U.S. Department of Justice and other agencies announced Friday.
The coordinated operation, begun in 2005, has resulted in more than 400 seizures of Cisco hardware and labels, the DOJ said in a news release. The operation targets the illegal importation and sale of counterfeit network hardware such as routers, switches and network cards. One of the operation’s goals is to protect the public from network infrastructure failures associated with the counterfeits, the DOJ said.
“Counterfeit network hardware entering the marketplace raises significant public safety concerns and must be stopped,” Assistant Attorney General Alice Fisher of the DOJ’s Criminal Division, said in a statement. “It is critically important that network administrators in both private sector and government perform due diligence in order to prevent counterfeit hardware from being installed on their networks.”
The agencies that worked together on the operation included the U.S. Federal Bureau of Investigation’s Cyber Division, U.S. Immigration and Customs Enforcement (ICE), U.S. Customs and Border Protection (CBP) and the Royal Canadian Mounted Police (RCMP).
$2 million worth of the bust was captured in Toronto today. No word on who exactly was selling it at this point.
Article Link
Tags: Fake Cisco Gear, Chinese Cisco Gear, Operation Cisco Raider, China Cisco, CSCO
Author: Dave Lewis
February 28, 2008 at 9:28 am · Filed under Data Security, Hardware
From the Times Online UK:
‘Chip and PIN’ cards which require customers to enter a four-digit code before purchasing goods may not be as safe as previously thought, according to research.
Customers may unwittingly be handing over their card details and pin number when using the new terminals, which have been widely rolled out at supermarkets, service stations and other outlets, a group of computer security academics has claimed.
According to the research, with a relatively simple 10 minute procedure a merchant can program a chip and PIN terminal to capture all the information needed to clone a chip and PIN card, as well as the customer’s PIN number.
The fraudster would then be free to make withdrawals from the customer’s bank account, as well as commit identity fraud, the group said. The researchers, from the Computer Laboratory at the University of Cambridge, said they had no evidence to suggest the problem was widespread, though they were aware of several instances of it happening, including one at a Shell garage in 2006.
They said the vulnerability was caused by manufacturers’ failure to build appropriate encryption technology into the devices, known as PIN-entry devices (PEDs), which meant that information passed between the card and the device unprotected.
Article Link
Tags: Chip And PIN, PIN Number
Author: Myrcurial
November 27, 2007 at 10:49 am · Filed under Education, Forensics, Hardware, Intrusion Detection, Tools
Ok everyone, here’s your chance to comment, make yourself heard, voice an opinion, tell me I don’t know what the heck I’m talking about.
The question:
Using as little money as possible, assemble a list of tools (software, hardware, wetware or other) which would serve the needs of a CSIRT in time of crisis.
Lets call the time limit for responses Thursday, November 29th 2007 at 19:00EST. At that point, I’ll summarize and wrap up.
For my picks, please see comments below.
Tags: open loops, challenge, CSIRT, toolkit, hardware, software, wetware
Author: Dave Lewis
November 1, 2007 at 10:10 am · Filed under Hardware
While reading Bunnie Huang’s blog I noticed a posting about a new hardware hacking blog.
From Bunnie Studios:
Flylogic Engineering now has an interesting blog up on chip hacking! If you liked the posts on my blog about chip hacking, you may very much enjoy the postings at Flylogic. They’ve actually got a very nice piece up on the PIC18F1320 which reveals new findings about a device that I have some prior familiarity with. I’m looking forward to reading part II of their series!
If this kinda thing floats your boat then check out the new blog at Flylogic.
Article Link
Tags: Hardware Hacking, Hardware Design, Hardware
Explore
Security Bloggers Network
