forgery – WindowsTechs.com

Parmesan Anti-Forgery Protection

Posted on August 24, 2023 by Bruce Schneier

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.
Continue reading Parmesan Anti-Forgery Protection→

QR Code Scam

Posted on December 28, 2022 by Bruce Schneier

An enterprising individual made fake parking tickets with a QR code for easy payment.
Continue reading QR Code Scam→

Forging Australian Driver’s Licenses

Posted on May 23, 2022 by Bruce Schneier

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries.

This file is encrypted using AES-256-CBC encryption combined with Base64 encoding.

A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

The problem here is that an attacker who has access to the encrypted licence data (whether that be through accessing a phone backup, direct access to the device or remote compromise) could easily brute-force this 4-digit PIN by using a script that would try all 10,000 combinations……

Continue reading Forging Australian Driver’s Licenses→

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Posted on April 22, 2022 by Bruce Schneier

Interesting implementation mistake:

The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally.

[…]

ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid. …

Continue reading Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries→

Hackers Using Fake Police Data Requests against Tech Companies

Posted on April 5, 2022 by Bruce Schneier

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

But in certain circumstances – such as a case involving imminent harm or death – an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents…

Continue reading Hackers Using Fake Police Data Requests against Tech Companies→

Why Vaccine Cards Are So Easily Forged

Posted on March 18, 2022 by Bruce Schneier

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake. I could change the date on an old test, or put my name on someone else’s test, or even just make something up on my computer. After all, there’s no standard format for test results; airlines accept anything that looks plausible…

Continue reading Why Vaccine Cards Are So Easily Forged→

How can we prevent sophisticated document fraud in 2021?

Posted on February 22, 2021 by Sabine Azzi

Document fraud such as forgery is becoming more sophisticated every year. We discuss how to stay ahead of scammers.
The post How can we prevent sophisticated document fraud in 2021? appeared first on Security Boulevard.
Continue reading How can we prevent sophisticated document fraud in 2021?→

Smashing Security podcast #206: Robo dogs, deepfakes and dirty deceptions with Tim Harford

Posted on November 26, 2020 by Graham Cluley

Author and broadcaster Tim Harford joins us as we discuss the merits of robotic canine security guards, deepfakes, and the curious tale of an art forgery. All this and much more is discussed in the latest edition of the award-winning “Smashing Se… Continue reading Smashing Security podcast #206: Robo dogs, deepfakes and dirty deceptions with Tim Harford→

New SHA-1 Attack

Posted on January 8, 2020 by Bruce Schneier

New SHA-1 Attack

Posted on January 8, 2020 by Bruce Schneier

There’s a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2rather than264.7,… Continue reading New SHA-1 Attack→