RSA crypto attack poses threat to DRM


	November 27th, 2008 New version of XPC Spy Pro added! more


	December 03rd, 2008 Hackers run Linux on iPhone more Your face is easy to fake, says security company more Microsoft opens up Vista SP2 beta more Latest VB100 malware test brings good news more Botnet Master Sees Himself as Next Bill Gates more Apple removes Mac antivirus recommendation more License server glitch exposes SonicWall users to e-mail security threats more Lenovo arms ThinkPads with Intel's built-in security more U.S. report sees major terror attack by 2013, ignores cyberattack risk more Lenovo arms ThinkPads with Intel's built-in security more Feds nab more members of alleged identity theft gang more Apple's antivirus advice 'big to-do about nothing,' says researcher more Opinion: Is there a hidden cost to data protection? more Human error is top IT security concern more Workers worried about job security might steal corporate data more

DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

November 24th, 2006

RSA crypto attack poses threat to DRM

Security researchers have developed a new approach to breaking the RSA algorithm that creates new problems for the development of effective rights management software.

Cryptoanalysts already known the time taken to make different calculations using the same encryption key might, in theory at least, give attackers code-breaking clues in much the same way electro-magnetic leakage or power fluctuations can be used in so-called ‘side-channel’ attacks on secure systems. The new so-called Branch Prediction Analysis (BPA) attack is a refinement on this approach that makes code breaking feasible on commodity PCs instead of expensive high-performance kit.

A carefully written spy-process, running alongside the RSA-process, is able to collect almost all the secret bits used in an RSA signing operation by monitoring the states of a CPU. The approach yields far quicker results than statistical analysis, cryptography researchers say.

‘The successful extraction of almost all secret key bits by our SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless,’ researchers Onur Aciicmez, Cetin Kaya Koc and Jean-Pierre Seifert report in their paper.

‘Despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing or even virtualisation, SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor.

The approach frustrates existing countermeasures according to crypto guru Bruce Schneier, who writes that the approach would be particularly potent if directed against Digital Rights Management (DRM) implementations.

Source: The Register

	All news for December 03rd, 2008:
	15:18	Hackers run Linux on iPhone
	15:17	Your face is easy to fake, says security company
	15:15	Microsoft opens up Vista SP2 beta
	15:09	Latest VB100 malware test brings good news
	14:57	Botnet Master Sees Himself as Next Bill Gates
	14:53	Apple removes Mac antivirus recommendation
	14:51	License server glitch exposes SonicWall users to e-mail security threats
	14:50	Lenovo arms ThinkPads with Intel's built-in security
	14:50	U.S. report sees major terror attack by 2013, ignores cyberattack risk
	14:48	Lenovo arms ThinkPads with Intel's built-in security
	14:44	Feds nab more members of alleged identity theft gang
	14:43	Apple's antivirus advice 'big to-do about nothing,' says researcher
	14:42	Opinion: Is there a hidden cost to data protection?
	14:41	Human error is top IT security concern
	14:40	Workers worried about job security might steal corporate data
	All news for December 02nd, 2008:
	15:58	Delaware bank layers desktop, network security to keep data safe
	15:50	Vietnamese software BKAV raises antivirus bar
	15:41	Security vendors warn of Christmas e-crime spike
	15:36	Researchers plan 'honeypot' security project
	15:31	The Amero Case: Stranger (and Uglier) Than Fiction
	15:20	Apple tells Mac users to install antivirus software
	15:19	System design to help gov't curb security breaches
	15:14	Cryptzone polishes encryption product
	15:13	London hospitals almost back online after worm infection
	15:12	The myth of cloud computing
	15:09	New Windows worm builds massive botnet

All news for December, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!