Suppose that the NSA had announced the possession of an efficient factorization algorithm. The cryptology community, after recovering from the initial shock, would demand to see the algorithm and verify it. This request, however, could not be satisfied since the algorithm would probably be classified as top-secret information.
The question now is: What can we do? The answer is: We need Zero-Knowledge Proofs of Computational Power. 
Fefe posted recently some very interesting facts and links about the german e-Postbrief and the underlying security infrastructure. Insane! So obviously there is no public information about the security systems – it’s completely built on security-by-obscurity.
Here you can download a list of the current european security projects from FP7-SEC-2007-1, FP7-SEC-2008-1 and FP7-ICT-SEC-2007-1 calls. Interesting and scary!
An interesting but exhausting week draws to a close. I spoke to many great people about totally different aspects of IT security … and my brain is now full of ideas. 
I also gave a talk named “Taking Down Credit Card Forums – an Analysis” which caused some nice discussions. Thx for that … I’ll be hopefully be able to work up my inbox folder during the weekend. See you soon again, Hamburg!
Interesting – Quis custodiet ipsos custodes?
Hence,Wikileakileaks.org discloses information about wikileaks.org … so whos next? 
Scary story – but nothing new indeed. Perhaps this is one of the reasons why I don’t like these new geeky devices which do anything but providing you the proper ability to make a phone call.
Dirk made a great job by summarizing the story about the STASI cryptographers working for the german company Rohde & Schwarz SIT GmbH. Have a look at his blog post and the links he adds.
tineye.com is a website with a pretty scary feature: It allows users to search for images reversely. Honestly, I used several pictures of friends available on the net and !!pretty!! scary results came out. “Bild Dir Deine Meinung”.
TinEye is a reverse image search engine. It finds out where an image came from, how it is being used, if modified versions of the image exist, or if there is a higher resolution version.
The guys of Trend Micro obviously popped the champagne corks as can be seen in this article. Their new product is called … *taddaaa * Trend Micro SecureCloud! They state that they can “finally talk openly about a technology and business approach that addresses cloud security and data governance issues that have been confronting the industry”. This made me very curious and especially the fact that you hear “secure” and “cloud” in one word made me a little bit sceptical.
So I began to read the articles provided by Trend Micro about this new product but till now, I didn’t find any real information about the technological structure of this system. For instance:
The encryption used in SecureCloud is standard AES 128 bit encryption, but the secret sauce of the technology lies in key management functionality that validates the identity and integrity of the cloud server.
So, what exactly is encrypting what? Where can I find the processes for this new technology? Any real documentation? This so called datasheet does not provide any detailed information, if you ask me. It states for instance:
Trend Micro SecureCloud makes it possible for businesses to encrypt and control data in public and private cloud environments by means of a patent-pending, simple policy-based key management solution.
Okayyy, so they wonna encrypt my sensitive data before it is pushed into the public cloud? Further technical information is unfortunately not provided.
Conclusion: The beta is out now which means that I will probably test it by myself if I can find some time for doing so. Anyway, till now I’m pretty unsatisfied with the information provided by Trend Micro about this awesome new technology. Anybody has some more detailed information which can be shared?
I guess that this potential solution is only solving some minor parts of the whole problem. A lot of questions are still unanswered but I will contact Trend Micro directly for getting some answers.
Update #1:
Obviously my comment on the blog of Trend Micro was deleted. I’m wondering why because I just asked for further detailed information about the underlying technologies. It seems like Trend Micro does not want any of its customers to ask questions?
This is not new but still astonishing! I really wonder what’s about the copying machines at my university.
I think almost all of you heard the story about the leaked video which displays the US-army killing (innocent?) people in Irak? I don’t wonna add further comments to this story – a lot of people did already. For my german readers: If you are interested, read this article written by Prof. Müller, criminologist at the university of Regensburg. It’s worth reading!
Normally, if you buy DRM-free music in online shops, you assume that the bought music files do not contain any personal information about your identity. This article claims the opposite. Additionally, this page gives a nice overview of shops preparing their music files with personal information. This means: Abolishing DRM does not mean that the problem is solved!
I finished reading “Certi fied Lies: Detecting and Defeating Government – Interception Attacks Against SSL“. It’s an interesting paper giving a nice overview about the current thread of trusting unknown CAs. But to be honest, this is nothing completely new. The problem of CAs as the “single point of failure” in the PKI has been known to the public for several years.
Due to the fact that the mentioned extension “Certlock” is not published yet, it is impossible to have a deeper look at the implementation – what a pity! However, there are already extension in the wild trying to mitigate this problem. One of them is named “certificate patrol“. The authors of this extension currently complain about not being mentioned in the paper – I totally agree. As far as I got the point, the upcoming “certlock” extension does nothing new than the already existing “certificate patrol” extension already does.
Last but not least, you should read section 8 “Analysis” of the paper in which the authors focus on several scenarios and how their extension could prevent potential attacks. Further discussion can be found on several other blogs and webpages.
I just realized that there are currently 264 different CAs in Microsoft’s Trusted Root Store. Impressive!! This means that all IE users, Chrome users and Safari for Windows users trust 264 different CAs automatically. OMFG!
Nowadays you should think twice before you publish a scientific paper – it could mean that entering the USA will be impossible for you. I think that the chinese guy in this article, published by the New York Times, gets real problems with entering the USA in the future. He published a paper “Cascade-Based Attack Vulnerability on the U.S. Power Grid” on the security of power grids.
Perhaps you heard already that a top Hamas leader was killed in Dubai recently. Now, a 27-minutes video released by Gulf News TV shows the suspected assassins arrive on separate flights to Dubai the morning the murder took place. It is assumed, that the Mossad is behind the assassination.
I currently ask myself why the Mossad doesn’t care that each of his steps is on tape?
If you need something to wake up, watch the video: http://video.gulfnews.com/services/player/bcpid4267205001?bctid=66672644001
