RSA was the victim of an extremely sophisticated cyber attack which resulted in the possible theft of the two-factor code used by their SecurID products. The exact risk to customers isn’t clear, but there is risk that the assurance of two factor authentication has been reduced.

Researchers at University of California have torn apart Solid State Drives (SSDs) and have found remnant data even after running several open source and commerical secure erase tools. They’ve also proposed some changes to SSDs that would make them more secure.  Once information is stored on SSDs, getting it off isn’t easy at all.

An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet. The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom. [...]

The UK government plans to introduce legislation that will allow the police to track every phone call, email, text message and website visit made by the public. The information will include who is contacting whom, when and where and which websites are visited, but not the content of the conversations or messages. Every communications provider [...]

A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls (non Gold Lock) in the clear. Most of the price is for the laptop he used to operate [...]

India’s Department of Telecommunications has been asked by the government to serve a notice to Skype and Research In Motion to ensure that their email and other data services comply with formats that can be read by security and intelligence agencies, or face a ban in India if they do not comply within 15 days. [...]

The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired’s Threat Level pulls out one salient detail: that Wikileaks’ initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows [...]

Yesterday, it was announced that physicists at the University of Toronto in Canada have successfully attacked a commercial quantum cryptography system for the first time in history. Quantum cryptography was considered by some to be unbreakable, however, like many other security systems, the technology was built making various assumptions, and in the real-world not all [...]

Researchers are poking holes in the chain of trust for SSL certificates which protect sensitive data. According to these hypothesized attacks, governments could compel certificate authorities to give them phony certificates that are signed by the CA, which are then used to perform man in the middle attacks. They point out that Verisign already makes [...]

On March 8, a security company  employee plugged a newly ordered HTC Magic phone from Vodafone into a Windows computer, where it triggered an alert from the antivirus software. Further inspection of the phone found the device’s 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm, and [...]