Parmesan Anti-Forgery Protection
The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.
Continue reading Parmesan Anti-Forgery Protection
Collaborate Disseminate
The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.
Continue reading Parmesan Anti-Forgery Protection
An enterprising individual made fake parking tickets with a QR code for easy payment.
Continue reading QR Code Scam
The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries.
This file is encrypted using AES-256-CBC encryption combined with Base64 encoding.
A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.
The problem here is that an attacker who has access to the encrypted licence data (whether that be through accessing a phone backup, direct access to the device or remote compromise) could easily brute-force this 4-digit PIN by using a script that would try all 10,000 combinations……
Interesting implementation mistake:
The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally.
[…]
ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid. …
Continue reading Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries
Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.
Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.
But in certain circumstances – such as a case involving imminent harm or death – an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents…
Continue reading Hackers Using Fake Police Data Requests against Tech Companies
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake. I could change the date on an old test, or put my name on someone else’s test, or even just make something up on my computer. After all, there’s no standard format for test results; airlines accept anything that looks plausible…
Document fraud such as forgery is becoming more sophisticated every year. We discuss how to stay ahead of scammers.
The post How can we prevent sophisticated document fraud in 2021? appeared first on Security Boulevard.
Continue reading How can we prevent sophisticated document fraud in 2021?
Author and broadcaster Tim Harford joins us as we discuss the merits of robotic canine security guards, deepfakes, and the curious tale of an art forgery. All this and much more is discussed in the latest edition of the award-winning “Smashing Se… Continue reading Smashing Security podcast #206: Robo dogs, deepfakes and dirty deceptions with Tim Harford
There’s a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the co… Continue reading New SHA-1 Attack
There’s a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2rather than264.7,… Continue reading New SHA-1 Attack