decrypt
Latest
OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault
Are you an avid user of OS X's FileVault encryption and running a recently updated version of Lion? It may be time to consider changing your passwords. According to security researcher David Emry, users who used FileVault prior to upgrading to 10.7.3 may be able to find their password in a system-wide debug log file, stored in plain text outside of the encrypted area. This puts the password at risk of being read by other users or enterprising cyber criminals, Emry explains, and even opens the door for new flaw-specific malware. FileVault 2, on the other hand, seems to be unaffected by the bug. The community doesn't currently have a way to fight the flaw without disabling FileVault, so users rushing to change their password now may find it being logged as well. Obviously, we'll let you all know once we hear back from Apple regarding this matter.
Passware claims FileVault 2 can be cracked in under an hour, sells you the software to prove it
Lunch hours may never feel safe again. That is, if you have a Mac running Lion / FileVault 2, like leaving your computer around, or have unscrupulous colleagues. Data recovery firm Passware claims its "Forensic" edition software can decrypt files protected by FileVault 2 in just 40 minutes -- whether it's "letmein" or "H4x0rl8t0rK1tt3h" you chose to stand in its way. Using live-memory analysis over firewire, the encryption key can be accessed from FileVault's partition, gifting the pilferer privy access to keychain files and login data -- and therefore pretty much everything else. If you want to try this out for yourself, conveniently, Passware will sell you the software ($995 for a single user license) without so much as a flash of a badge.
Ramona Fricosu case to determine if decrypted laptop files are safe under Fifth Amendment
So far, we've pretty much decided that the Fifth Amendment of the US Constitution covers those zany thoughts within your skull. But when it comes to more tangible things, it's hardly as clear. In the past, convicted persons have been forced to cough up keys to what eventually becomes evidence, and in the case of one Ramona Fricosu, the US Department of Justice is assuming that a computer passphrase is no different. But that assumption is causing shock waves throughout the tech community, as the decrypting of one's laptop files is arguably causing someone to become a "witness against himself." Of note, no one's asking that Ramona actually hand over the password per se, but even typing in the unlock code while not being watched results in effectively the same conclusion. The San Francisco-based Electronic Frontier Foundation is clearly taking a stance against the proposal, noting that this type of situation is exactly one that the Fifth was designed to protect. Only time will tell if Fricosu's offered immunity as a token for complying, but the precedents that are set here are apt to be felt for decades to come. Tap that CNET link for an in-depth report.
Researchers claim GSM calls can be hacked on the cheap
Callers, your worst nightmare is coming true... maybe. According to a report, a group of hackers at the Black Hat conference in Washington D.C. claim that they're able to hack GSM calls with equipment costing about $1,000. If you believe the team (and we're inclined to at least have a listen), they can decrypt GSM phone conversations and text messages on a network using inexpensive tools called field programmable gate arrays. Until now, the cost of the technology required to hack GSM transmissions has been prohibitively expensive for all but your government and large-scale snooping operations, but that's beginning to change. Not only can this technique allow access to calls, but some of the tech demonstrated at the conference might also enable a user to pinpoint a phone's distance from the surveillance hardware, and find out what type of device is being used. There was no mention of CDMA hacking, so you might want to move over to Sprint for all your seedy activities. Er, we mean stay on Sprint.
Workaround enables Netflix 'Watch Now' titles to be decrypted, saved
Looking for a new way to use FairUse4WM? Have a Netflix account? If so, go on and roll your sleeves up, as a crafty (and acrimonious) fellow has managed to find a workaround that enables you to not only decrypt the DRM-laced "Watch Now" movie files, but save them to your hard drive for future viewing. Admittedly, the process is somewhere between painless and potentially frustrating, but the gist of it involves Windows Media Player 11, FairUse4WM, Notepad, a Netflix account, and a broadband connection. Through a series of hoop jumping, users can now strip the "Watch Now" files free of DRM and watch them at their leisure and on any video-playing device they choose. Granted, there's certainly issues of legality mixed in here, but where there's a will, there's a way. [Warning: Read link language potentially NSFW][Via TVSquad]
The battle continues: firmware 3.30 decrypted
Once again, Team C+D has decrypted Sony's latest firmware. Although this doesn't provide anything tangible for end users, this is a crucial first step in creating new custom firmware. While the decryption was expected, the poem written by the team was not: 3.30 Decrypter! * From Team Create+Destroy.. * Some thought we failed - or had disappeared, But $ony beware - your last hour is near. In spite protections and multiple locks, In spite busy lifes and - unwashed - socks, For you to enjoy but for $ony to fear, 3.30 decrypter is ready, so cheer! Why do these people seem to hate Sony? They've made an impressive piece of hardware for us to enjoy, yet somehow that's seen as an evil thing? Regardless, 3.30 has been decrypted: feel free to celebrate/mourn in however way you choose.[Via DCEmu]
PSP firmware 3.10 released, and decrypted
Sony's PSP firmware v3.10 was decrypted less than 24 hours after its release, claim reports out of the "homebrew" community. While the decrypted files are useless to the average PSP user, they represent the building blocks for requisite hacker celebs like Dark_AleX, Booster, and the Noobz team. New custom firmware? Another DevHook update? Sony lost this round, fast.For those good lil' updaters out there, firmware 3.10 brings support for new PlayStation Network games, MPEG-4 AVC format for the Location Free Player, and the 'Dynamic Normalizer' sound setting, along with a memory saving mode for the browser.
Is all hope lost for Sony? 3.10 decrypted
It shouldn't come as a surprise that the homebrew community has miraculously decrypted the latest PSP firmware in less than 24 hours. The homebrew community seems to be at war against Sony, who's desperately trying to close the security holes in their firmware and slow down the rampant piracy that can jeopardize the PSP as a viable platform.Firmware decryption isn't helpful for the average PSP user, but it will be for other homebrew coders. Undoubtedly, PSP whiz kid Dark_Alex is working on a new open edition firmware for the system. Will Sony ever be able to regain the momentum in this battle?[Thanks, cyanide! Via QJ]
Automator action for encrypting/decrypting files
Interested in beefing up security on some of your files or folders, but wary of the consequences if FileVault takes on a mind of its own? This Encrypt and Decrypt Files Automator action might be right up your alley, as it allows you to perform these actions with an algorithm and password. Perfect for fitting into the workflows of even the most security-conscious Mac OS X Tiger users.The action is free and can be had over at Automator World.
