Intruders may have stolen data pertaining to RSA one-time password (OTP) tokens. However, RSA won't tell the general public what has happened. There is a support note which is accessible only to customers.
OTP uses keys that need to remain secret, but I don't think these keys have been stolen.
Sunday, 20 March 2011
Sunday, 6 March 2011
TrustZone and Trusted Execution Environment
This post describes a recent security addition to mobile phones. It has a superficial similarity to the trusted platform module (TPM). Because the TPM seems to cast doubt on anything "trusted", I will compare TrustZone and TPM.
TrustZone is a virtualization technology. The basic idea is that the processor can be switched between normal mode and secure mode. Because of the virtualization, the normal mode is unaffected by the secure mode. The secure mode is based on the TrustZone. More technically, some peripherals and keys are only accessible from the secure mode.
The TPM did not use virtualization. There was no unaffected mode. It became unclear whether the owner of the computer or the owner of the TPM keys was the real master of the computer.
TrustZone can and will be used to implement a DRM system. However, it won't enforce anything in the normal world. Thus people who do not like to use DRM can simply ignore it.
Still, there is a feature that will be useful to everyone: The secure mode can be used to protect PIN entry or display of sensitive information from malware. There is hope that such a technology might disrupt the creation of a criminal ecosystem on mobile phones before it gets out of control, as happened on PCs.
The secure mode is typically started from the normal mode, for example because the user wants to enter a PIN. The smart card standardization organization Global Platform intends to standardize this API under the name Trusted Execution Environment. That's the other T-word from the title.
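The split described in this post, as a small C model added here (it is not ARM or Global Platform code): normal-mode code can only go through one call gate, the PIN is read from a keypad that only the secure side sees, and the key is used but never returned. The command numbers, function names, PIN and key are hypothetical, and the file-scope variables stand in for isolation that the hardware enforces on a real device.

```c
/* Model only: on real hardware the processor enforces this boundary.
   All names and sample values below are hypothetical/constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { CMD_ENTER_PIN = 1, CMD_AUTHORIZE = 2 };
enum { OK = 0, ERR_DENIED = -1, ERR_LOCKED = -2, ERR_BAD_CMD = -3 };

/* Secure-mode state: never copied into anything the caller can read. */
static const char sw_pin[] = "4711";                        /* constructed */
static const uint8_t sw_key[4] = {0xde, 0xad, 0xbe, 0xef};  /* constructed */
static const char *sw_keypad = "";  /* stands in for a secure-only keypad */
static int sw_tries_left = 3, sw_unlocked = 0;

/* Simulation hook: digits typed on the keypad normal mode cannot observe. */
void sim_user_types(const char *digits) { sw_keypad = digits; }

/* Constant-time compare: timing must not reveal how many digits matched. */
static int ct_equal(const char *a, const char *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Single entry point, standing in for the switch into secure mode. */
int secure_call(int cmd, const uint8_t *msg, size_t len, uint8_t tag[4]) {
    const size_t n = sizeof sw_pin - 1;
    switch (cmd) {
    case CMD_ENTER_PIN:  /* the caller passes no PIN: it never sees one */
        if (sw_tries_left == 0) return ERR_LOCKED;
        sw_unlocked = strlen(sw_keypad) == n && ct_equal(sw_keypad, sw_pin, n);
        sw_tries_left = sw_unlocked ? 3 : sw_tries_left - 1;
        sw_keypad = "";
        return sw_unlocked ? OK : ERR_DENIED;
    case CMD_AUTHORIZE:  /* key is used here; only the tag leaves */
        if (!sw_unlocked || msg == NULL || tag == NULL) return ERR_DENIED;
        memset(tag, 0, 4);
        for (size_t i = 0; i < len; i++)  /* toy keyed checksum, not a MAC */
            tag[i % 4] ^= (uint8_t)(msg[i] + sw_key[i % 4]);
        sw_unlocked = 0;  /* each approval needs a fresh PIN entry */
        return OK;
    default:
        return ERR_BAD_CMD;
    }
}
```

Because the retry counter lives on the secure side, malware in normal mode can trigger the PIN prompt but cannot reset the counter or replay an earlier approval.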
Wednesday, 2 March 2011
Malware on Android
As everyone reports: there has been malware on Google's Android market. I have to add that such a thing removes the remaining security from SMS-TANs or similar two-factor authentication schemes. One way out of that problem would be to use an additional trusted execution environment on smart phones.
Sunday, 27 February 2011
German Police Infects PC at Customs Control
The German newspaper Der Spiegel writes in its issue 9/2011 that the PC of a suspect was infected with spyware at the customs control. It seems they had permission from a judge, but that this permission did not include the main functionality of the program: to send in a screenshot every thirty seconds. Pretty scary, I would think.
Saturday, 12 February 2011
CISCO report on malware
Cisco published an interesting report on the 2010 developments on the malware scene. They discuss the economics of malware, the recruiting of mules (people who funnel stolen money into criminals' accounts) and future developments. The prediction I find most interesting is that Apple computers will be targeted next year. Another prediction is of course that smartphones will be targeted.
Monday, 8 November 2010
ZeuS uses unpatched IE exploit
The Eleonore toolkit, which is the attack vector for the ZeuS malware, got support for the recent CSS vulnerability of IE 8 which is still not fixed. This means that there will be more broken webservers distributing the exploit and bigger damage to affected users.
Location: Zeppelinstraße, München, Germany
Monday, 1 November 2010
ZeuS Botnet under Reorganisation
Reuters reports that the author of the ZeuS botnet announced that he will stop developing and maintaining ZeuS. Probably he has sold the sources and the customer base to a competing botnet, Spy Eye. Spy Eye has been fighting hard against ZeuS, but could not overtake ZeuS.
One may safely assume that the ZeuS author will use this sabbatical to come back with something even more dangerous, as was the case in 2007 and 2008 when he also took a break.