IT Security Top Headlines

Clickjacking / UI redress vulnerability: the biggest IT security problem ever?

For now, from what I read, there’s no “elegant” solution to any browser yet.

Apparently, the only sure way to protect yourself is disabling JavaScript, plugins/ActiveX and iFRAMEs, but I think that would severely affect usability.

The most elegant solution available is for Firefox, ie to install the NoScript add-on but even that is not perfect (not foolproof), because at the end, it’s still up to the user i.e. “users can decide for themselves whether to continue clicking, or free up the mouse from the underlying — and potentially exploitive — content.”

Get NoScript add on here:
https://addons.mozilla.org/en-US/firefox/addon/722

I cannot find any details on how to deal with clickjacking for IE from Microsoft’s website, the best step-by-step info I could get is here:

http://hackademix.net/2008/09/29/clickjacking-and-other-browsers-ie-safari-chrome-opera/

Posted in Uncategorized | No Comments »

Quantum cryptography: state-of-the-art, unbreakable encryption?

The world’s first computer network protected by “unbreakable” quantum cryptography was launched recently at a scentific conference in Vienna.

It connects 6 locations across Vienna and a nearby town, using 200 km of standard fibreoptic cables.

Quantum cryptography is completely different from the usual cryptography currently in use, which are based on mathematical procedures; they are extremely hard, but not impossible to crack, given enough computing power or time.

Quantum cryptography are based on the Heisenberg Uncertainty Principle: you cannot measure quantum information without disturbing it. That means a communications channel between 2 users encrypted with quantum cryptography is impossible to eavesdrop without creating a disturbance: the eavesdropper would create a mark on it.

Full story: http://news.bbc.co.uk/2/hi/science/nature/7661311.stm

Posted in news | No Comments »