Everything you need to know about encryption and information security

We would like to announce our latest Gold Lock 3G version for Nokia phones – now with the ability to send encrypted SMS messages even when the phone is not connected to the internet.

Download the latest versions simply by browsing from your Nokia phone to the following URL: “www.gold-lock.com/symbian”.

Sending and receiving an encrypted SMS is very simple, the manual is available online at: https://www.gold-lock.com/app/en/product/Goldlock3G.

The new feature is included in Gold Lock 3G for Nokia, with no additional charge. Customers who already purchased Gold Lock licenses for Nokia phones, will receive the upgrade automatically (completely free of charge) the next time Gold Lock is activated on their device.

As always, us and our worldwide licensed dealers are looking forward to your questions, requests and feedback.

Iran’s police chief has warned opposition supporters against using SMS text messages and e-mails to organize antigovernment rallies.

Ismail Ahmadi Moghaddam said spreading word of such demonstrations was a crime that carried a “heavy penalty.”

Cell-phone and e-mail messages emerged as a key form of communication for Iran’s opposition in the unrest that erupted in Iran after June’s disputed presidential election — including to organize demonstrations and disseminate news and images.

The messages have also become an important source of information for foreign media who are banned from directly covering the protests.

Moghaddam said anyone using SMS or email messages to organize opposition rallies should know their messages were being monitored.

He said it was possible to trace both sender and recipient, and he warned that anonymous proxy servers would not protect user identities.

A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks.

The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi. Kasumi, also known as A5/3, is the standard cipher used to encrypt communications on 3G GSM networks, and it’s a modified version of an older algorithm called Misty.

In the abstract of their paper, the cryptographers say the attack can be implemented easily on one standard PC. ‘In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 214.

By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, 226 data, 230 bytes of memory, and 232 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity.

USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked.

These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST).

It looks like the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations.

New cyber-monitoring measures have been quietly introduced in New Zealand giving police and

officers the power to monitor all aspects of someone’s online life.

The measures are the largest expansion of police and SIS surveillance capabilities for decades, and mean that all mobile calls and texts, email, internet surfing and online shopping, chatting and social networking can be monitored anywhere in New Zealand.

The New Zealand Security Intelligence Service (NZSIS or SIS) is an intelligence agency of the New Zealand government.

According to the Wall Street Journal, Iraqi insurgents have been regularly using a satellite-snooping software called “Sky Grabber”  (cost = $26) to monitor live Predator video feeds.

The Predator transmits video over an unencrypted link, so there’s no major hacking going on here, but it’s obviously a huge issue – and we’d say the bigger problem is that Pentagon officials have known about this flaw since the 1990s, but they didn’t think insurgents would figure out how to exploit it.

Way to underestimate, guys.

The WSJ says the military is working to encrypt all Predator feeds from Iraq, Afghanistan, and Pakistan, but it’s slow going because the Predator network is more than a decade old and based on proprietary tech – too bad it’s not proprietary enough to keep prying eyes out of it.

An Israeli hacker, nicknamed “Labba”, has cracked Kindle’s ebook DRM, essentially allowing folks to extract the text of Amazon’s AZW files into a PDF for viewing on any reader. The hackers have reverse engineered the ebook code and very close to a formal, software-based solution.

It took the hacker only nine days to strip the DRM although there is no formal piece of software for the hack.

The NSA is constructing a datacenter in the Utah desert that they project will be storing yottabytes of surveillance data.

There are a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. To wrap this up, a yottabyte is 1,000,000,000,000,000GB.

Stored data is predicted to include among other things – tapped phone calls, intercepted emails and other communication medias of US and non US citizens / corporations.

Communicating confidential information using Gold Lock’s military grade encryption will guarantee to keep your calls outside this massive repository of intercepted communication.

The New York Times reports in this week’s Science section that hardware and software trojan kill switches in military devices are an increasing concern, and may have already been used. ‘A 2007 Israeli Air Force attack on a suspected, partly-constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft.

Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars.

A software developer who designed a way to tap and record calls made on Skype and other VoIP networks has made the source code of the spying program public, a move he said will allow other programmers to build workarounds to the potential threat. The programmer, Ruben Unteregger, was tasked by his former company ERA IT Solutions to write a Trojan horse program that could tap VoIP calls for the Swiss government.

Apparently, the program bypassed Skype’s heralded encryption process, one that has vexed security officials in Europe multiple times.

In a translated interview, Untregger discussed his rationale for releasing the code.

“The code will be published, it will get analyzed as soon as the binaries got uploaded, signature patterns will be created by anti-virus companies, the malware will be detected, blocked and deleted, if it tries to infect a system,” Untregger said.

Untregger’s motives appear to be genuinely in the interest of private citizens and enterprises that use VoIP services like Skype, as the publicizing of the code makes its use by security agencies redundant, according to a Computer World report. However, making this code available could have negative repercussions if hackers can use it to build even more powerful tapping programs. Other instances of Skype hacking, such as China’s purported monitoring of dissident communication via VoIP programs, gives one pause when considering the public availability of such information.