Friday is upon us and I can see light at the end of the tunnel.

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Computer with software stolen from RIDC Park Company (SCADA management software) | Pittsburgh Tribune-Review
2. Staff ignore data security, surveys say | IT PRO
3. Lessons from the Verizon 2008 Data Breach Investigations Report | InfoWorld
4. Microsoft’s critical Bluetooth patch didn’t work on XP | Network World
5. Sweden passes eavesdropping law | International Herald Tribune
6. From zero day exploit to zero day fix | IT Director
7. Briton searched web for ways to kill, court told | The Guardian
8. FaceTime Security Program Locks out MySpace Applets | PC World
9. Security breach hits DivShare, unauthorized access to its database | ZDNet

Tags: News, Daily Links, Security Blog, Information Security, Security News

OK, this is cool.

From BlackBag:

There has been quite some speculation about this video (YouTube) of a magnetic ring that is used to open some model of Uhlmann & Zacher lock. By now it is confirmed by the company itself the trick works. They claim a software update will fix the problem (and even log opening attempts).

The ring used in the video now has a name: ‘the ring of the devil’ and is already available on the market (just 25 euro!).

And the questions now are: What is in the ring, how does it work and what locks are affected?

Well … I have some answers. Saturday I received my own magnetic ring and can give you some details.

For the explanation be sure to read the full posting over on blackbag.

Article Link (via Schneier)

The 'ring of the devil' is capable of attacking this kind of electronic motor lock on two ways.

Scenario 1: An electronic motor is nothing more then a metal part on an axe that turns because of a changing magnetic field. Turning electro magnets on and off will generate a pulling force on the metal part, making it rotate. The ring does the same thing. By turning the ring, the metal part in the electro motor starts turning, opening the lock. As Rop suggested in the comments of the previous posting, a bunch of bigger magnets and maybe a high-speed drill can amplify this effect some more.

Scenario 2: A dynamo is nothing more then a coil charged by a changing magnetic field. So any coil in the lock will start generating current when a magnetic field is rotating around it. If the coil is in the path of the electro motor, it might generate enough current for the motor to start turning.

I was reading an article in Information Week tonight about a case going to the 9th Circuit Court of Appeals about the governments right to search, seize and copy laptops and other electronic devices at our borders.  Two groups that don't often find themselves on the same side of issues, the Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) have filed briefs with the court asking them to strike down a lower courts ruling that granted the government these broad powers to confiscate laptops.

As the article points out here in the US there was quite an uproar about China "slurping" laptops from people on travel there, but we seem to think it is OK for our government to do it.  Well at least our government is telling people they are doing it.  What they are not telling us is what they are doing with the data after they search or copy it.  How do we know, no US security but nevertheless confidential data is being secured and or destroyed promptly?  The government telling us "trust me" just doesn't cut it.

However, I think technology is going to pose a bigger problem for the government regardless of whether the court upholds the governments position. I think any terrorist or other bad guy would never have confidential data on their laptop that is not encrypted.  In fact with full disk encryption coming to the masses from the likes of McAfee and others, what will the government do?  Sure they can take the encrypted data to the NSA and let them brute force the keys, but that sounds impractical.  Perhaps, the TSA will demand encryption vendors to put in a back door or secret key that will allow the TSA to decrypt the data similar to what they do with the special luggage locks now.

I know what they can do. Perhaps they can go back to Checkpoint and find out for sure about those back doors that they always suspected was in their software and see if it is there for sure. If so the government can appoint Checkpoint the official encryption vendor for laptops ;-)  Just kidding of course, but really guys.  What self-respecting bad guy is not going to encrypt their data knowing the government has a right to search their laptop.  I think it makes this whole case much ado about nothing.

I was reading an article in Information Week tonight about a case going to the 9th Circuit Court of Appeals about the governments right to search, seize and copy laptops and other electronic devices at our borders.  Two groups that don't often find themselves on the same side of issues, the Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) have filed briefs with the court asking them to strike down a lower courts ruling that granted the government these broad powers to confiscate laptops.

As the article points out here in the US there was quite an uproar about China "slurping" laptops from people on travel there, but we seem to think it is OK for our government to do it.  Well at least our government is telling people they are doing it.  What they are not telling us is what they are doing with the data after they search or copy it.  How do we know, no US security but nevertheless confidential data is being secured and or destroyed promptly?  The government telling us "trust me" just doesn't cut it.

However, I think technology is going to pose a bigger problem for the government regardless of whether the court upholds the governments position. I think any terrorist or other bad guy would never have confidential data on their laptop that is not encrypted.  In fact with full disk encryption coming to the masses from the likes of McAfee and others, what will the government do?  Sure they can take the encrypted data to the NSA and let them brute force the keys, but that sounds impractical.  Perhaps, the TSA will demand encryption vendors to put in a back door or secret key that will allow the TSA to decrypt the data similar to what they do with the special luggage locks now.

I know what they can do. Perhaps they can go back to Checkpoint and find out for sure about those back doors that they always suspected was in their software and see if it is there for sure. If so the government can appoint Checkpoint the official encryption vendor for laptops ;-)  Just kidding of course, but really guys.  What self-respecting bad guy is not going to encrypt their data knowing the government has a right to search their laptop.  I think it makes this whole case much ado about nothing.

FOR IMMEDIATE RELEASE

Security Experts to Disclose Major Flaws Affecting Over 95% of All Locks

New York, NY - June 2, 2008 - This summer, hackers from around the world will be teaming up with lock picking and security experts to show the public exactly how insecure their locks are. Recent studies have proven that locks of all varieties (including so-called “high security” locks) can be compromised, some by persons with a minimal skill.

Attendees at The Last HOPE conference in July will learn firsthand about security vulnerabilities inherent in standard lock designs, from the most common ones used on our front doors to the high security models used by industry and in government. Attempts to alert the security industry to these dangers have not met with much success, which is why we believe it is in the public interest to demonstration certain methods of bypass.

“Manufacturers can’t produce bug-free products, and that’s a big problem,” says Marc Weber Tobias, a lawyer and leading security expert. According to Tobias, “since the industry is not taking the lead, it is ironic that it has fallen upon the hackers to make these security risks public.” In a recent interview and a soon to be released book, he highlights specific problems with the locks sold by many of the major manufacturers, including everything from the common household products of Kwikset and other consumer lock manufacturers, to the supposed high security locks produced by such companies as Mul-T-Lock, Assa, and Medeco. The vulnerable high security locks are currently in wide use by branches of the U.S. military, federal agencies, and at many private facilities to protect critical infrastructure.

Just to reiterate, Myrcurial and I will be in attendance for Last Hope.