CryptoBlog – Data Security and Information Theory

Cryptography, Information Theory and Codes

Security Blues

I’ve been experiencing some trouble with the latest two security updates from Microsoft.
The offenders (KB956841 and KB956803) work fine on a Compaq desktop running XP Pro. When installed on a Gateway desktop running XP Media Edition, the machine hangs when trying to start Windows after the required reboot. I managed to get Windows to start in safe mode and restored it to a time previous to installation, and the machine works fine.
The security updates are related to a vulnerability that could allow malware to elevate its privilege level. As per Microsoft documentation:

A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The only known issue is some negative interaction with Zone Alarm. I found only one reference to a laptop that hangs on reboot; I’ll keep looking.

Update: In the process of restoring and trying again, KB956803 somehow got installed. I will not try KB956841… wait for the next Service Pack.

Filed under: InSecurity, Software

Security well understood starts at home…

…if you look at it from the point of view of a security routine.

Filed under: Security, in the News

Man in the Middle attack for QKD?

In an article titled “Can Eve control PerkinElmer actively-quenched single-photon detector?”, Vadim Makarov et al. report that, thanks to “strange behavior” found in one of the most often used photon detectors, it is possible for the eavesdropper (Eve) to inject a crafty pulse that fools Bob’s detector by introducing a click of her choice. Eve can now run a man-in-the-middle attack, and when Alice sends Bob the list of erroneous polarizations (the “key reconciliation” phase), Eve will be able to recover the key.
I am not sure at this point whether this is just a shortcoming of the particular hardware being used or if this is a pervasive characteristic of the type of circuits used for the detectors. Let’s see.
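
Why a controllable detector matters, shown as a toy BB84 simulation (an added example, not code from the paper or from this blog). It assumes an idealized lossless channel, that Bob's detector clicks only when his basis matches Eve's in the `detector_control` case, and an 11% abort threshold; all function and mode names are hypothetical.

```python
import random

def run_bb84(n, eve=None, seed=2009):
    """Toy BB84 run over n pulses. eve is None, "intercept_resend" or
    "detector_control". Returns (sifted_len, qber, eve_match), where eve_match
    is the fraction of sifted bits on which Eve's bit equals Bob's."""
    rng = random.Random(seed)
    sifted = errors = eve_match = 0
    for _ in range(n):
        a_bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        b_basis = rng.getrandbits(1)
        bit, basis, e_bit = a_bit, a_basis, None   # state on the channel
        if eve:
            e_basis = rng.getrandbits(1)
            # Measuring in the wrong basis gives Eve a random result.
            e_bit = a_bit if e_basis == a_basis else rng.getrandbits(1)
            bit, basis = e_bit, e_basis            # Eve resends what she saw
            if eve == "detector_control" and b_basis != e_basis:
                continue  # modelling assumption: no click, looks like loss
        b_bit = bit if b_basis == basis else rng.getrandbits(1)
        if b_basis != a_basis:
            continue                               # dropped during sifting
        sifted += 1
        errors += b_bit != a_bit
        eve_match += e_bit is not None and e_bit == b_bit
    return sifted, errors / sifted, eve_match / sifted

def qber_alarm(qber, threshold=0.11):
    """Abort rule used by Alice and Bob; the threshold is an assumed value."""
    return qber > threshold

if __name__ == "__main__":
    for mode in (None, "intercept_resend", "detector_control"):
        sifted, qber, match = run_bb84(20000, mode)
        print(f"{str(mode):17} sifted={sifted:5} qber={qber:.3f} "
              f"eve_match={match:.2f} alarm={qber_alarm(qber)}")
```

In this model a plain intercept-resend shows up as roughly 25% errors and trips the alarm, while the detector-control case yields zero errors with Eve holding every sifted bit, so an error-rate check alone does not flag it.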

Filed under: Quantum Cryptography, Security

About this blog

Data Security and Information Theory are essential to modern life. Far from being the exclusive domain of academics and geeks, the fundamentals and their application are easy to understand for most people. Here is my modest attempt to bring some of the issues to the public discourse and spread the knowledge to make the internet a safer place for your virtual self.


Copyright

© Mario Forcinito and CryptoBlog, 2007-2009. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Mario Forcinito and CryptoBlog with appropriate and specific direction to the original content.
