Security & Privacy

Gary McKinnon, a British man accused of hacking into U.S. military systems, has been granted a short stay of his extradition.

Last month, McKinnon lost his battle in the House of Lords against extradition to the U.S. to face charges of hacking various military systems. His final recourse now will be if the European Court of Human Rights (ECHR) agrees to hear his appeal.

The London law firm representing McKinnon, Kaim Todner, stated on Tuesday that the ECHR will consider as soon as August 28 whether McKinnon can appeal.

"The presidents of the European Court (of) Human … Read more

Google on Tuesday announced Keyczar, an open-source project to help developers select and use safe cryptography in their applications.

Built on OpenSSL, PyCrypto, and the Java JCE libraries, Keyczar supports authentication and encryption with both symmetric and asymmetric keys. It simplifies some of the details by choosing safe defaults and automatically tagging outputs with key version information. Keyczar also provides a simple interface.

The project provides developers with a simple API, key rotation and versioning, and safe default algorithms, modes, and key lengths.

A "nongoals" page proclaims what Keyczar is not. For example, Keyczar is not designed to … Read more

The state of Massachusetts said Monday it is not prepared to abandon its lawsuit against MIT students who uncovered security vulnerabilities in Boston transit cards, even though thousands of copies of their 87-page presentation have been distributed.

A federal judge on Saturday granted the state transit authority's request for a restraining order barring the students' planned presentation at the Defcon conference. It orders them not to disclose any "program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security of the Fare Media System."

The MIT students … Read more

The Georgian embassy in the U.K. has accused forces within Russia of launching a coordinated cyberattack against Georgian Web sites, to coincide with military operations in the breakaway region of South Ossetia.

Speaking to ZDNet UK on Monday, a Georgian embassy spokesperson said that Web sites had been unavailable over the weekend, claiming this was due to Russian denial-of-service attacks.

"All Georgian Web sites have been blocked," said the spokesperson. "Georgia is working on redirecting Web traffic."

At the time of writing, the Web site for the Ministry of Defense of Georgia was unavailable for … Read more

LAS VEGAS -- The Defcon hacker conference ended its 16th year on Sunday, sending about 8,000 attendees home from a weekend of virus writing, discussion of Internet attacks, and general debauchery.

The highlight was most definitely the restraining order which prevented three MIT students from presenting their research on how to hack the Boston subway system. The students attended the event and even gave a news conference after the order came down on Saturday, but did not present their highly anticipated talk.

Instead, journalist and security expert Brenno de Winter took their empty spot and discussed how the cards … Read more

LAS VEGAS--A federal judge on Saturday granted the Massachusetts transit authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.

The Electronic Frontier Foundation, which is representing the students, anticipates appealing the ruling, said EFF senior staff attorney Kurt Opsahl.

The undergraduate students had been scheduled to give a presentation Sunday afternoon at the Defcon hacker conference here that they had said would describe "several attacks to completely break the CharlieCard," an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T … Read more

Updated Saturday with change in price for "Buzzword Survivor" winners.

LAS VEGAS--At the Defcon hacker conference, which opened on Friday, some of the biggest buzz was in the press room.

Three journalists who allegedly sniffed the network in the press room were ejected from Defcon's sister event, the Black Hat security conference, on Thursday. On Friday, the journalists, with Global Security Magazine in France, asked to hold a news conference at Defcon to tell their side of the story. But when the hour arrived, the men were nowhere to be seen.

A press liaison for Defcon said … Read more

LAS VEGAS--Don't have special lock-picking skills or equipment but want to pick a high-security lock?

A security researcher explained at the Defcon hacker conference here how to make a fake key out of a credit card that can open certain types of Medeco M3 locks used in the White House, Pentagon, and high-security areas around the world.

You need to make a picture of a legitimate key to have an image to transpose onto the plastic, which means an insider or someone with access to the key would need to cooperate, said Marc Weber Tobias, a lawyer who has … Read more

At the Beijing Olympics, which officially got under way Friday, athletes from around the world will be striving to run faster, jump higher, and score more goals than their opponents. At the same time, warns the U.S. government, cybercriminals will be on the prowl for credit card information to steal, and security forces could well direct snooping efforts at unsuspecting travelers.

Just ahead of the games, Joel Brenner, the U.S. national counterintelligence executive, talked with Bob Orr of CBS News about the threats that travelers to China could be facing and offered advice on how travelers can protect … Read more