Encryption might be less secure than originally thought, EasyDNS suffers an attack and comes up with a clever solution…

Plus the big story for Windows users, a batch of your questions, our answers, and much more!

On this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get 32% off a new order code: go32off3
UnitySync Visit dirwiz.com/unitysync use code tech for an extended trial and a year of maintenance.

Encryption is less secure than originally thought

• The problem is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy.
• Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file, that the characteristics of the data traffic will quickly converge to the statistical averages
• But in cryptography, the real concern isn’t with the average case but with the worst case
• A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations
• “We thought we’d establish that the basic premise that everyone was using was fair and reasonable,” says Ken Duffy
• When researchers started using other notions of entropy (developed since Shannon entropy in the 1950s), which give greater weight to improbable outcomes, they found that slight deviations from perfect uniformity in source files significantly weakened the protection provided by encryption
• “as a consequence, the wireless card readers used in many keyless-entry systems may not be as secure as previously thought.”
• A computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected.
• “It’s still exponentially hard, but it’s exponentially easier than we thought,” Duffy says. One implication is that an attacker who simply relied on the frequencies with which letters occur in English words could probably guess a user-selected password much more quickly than was previously thought. “Attackers often use graphics processors to distribute the problem,” Duffy says. “You’d be surprised at how quickly you can guess stuff.”
• The Shannon Limit Explained
• Research Paper

Redhat introduces the ‘Red Hat Software Collections 1.0’

• Red Hat Enterprise Linux provides ‘long term support’ for all of the included packages. This means that the version of PHP that is included in the original distribution is maintained for the entire life of that version of RHEL. Of course security fixes are backported, but new features are not. This is both a blessing and a curse, new features and new bugs do not break your production stack, but those new features are not available to you
• The Red Hat Software Collection “Helps Users Build and Deploy Web Applications Through Dynamic Languages and Databases”
• The Collection provides:
• Ruby 1.9.3 with Rails 3.2.8
• Python version 2.7 and 3.3
• PHP version 5.4
• Perl version 5.16.3
• node.js version 0.10
• MariaDB version 5.5
• MySQL version 5.5
• PostgreSQL version 9.2
• “Red Hat Software Collections 1.0 Beta is available now for use with Red Hat Enterprise Linux 6 to customers and partners with select active Red Hat Enterprise Linux Server, Red Hat Enterprise Linux Workstation or developer-related subscriptions.”
• Users without subscriptions or using CentOS, can use IUS a community powered repository of updated software
• “The IUS Community Project is aimed at providing up to date and regularly maintained RPM packages for the latest upstream versions of PHP, Python, MySQL and other common software”

• EasyDNS DDoS in progress
• EasyDNS article explaining their history of dealing with DDoS attacks and their proposed solutions for customers
• They highly recommend that if your site is mission critical, that you use more than 1 DNS provider, to eliminate any single point of failure (SPoF)
• During a previous DDoS attack, they actively worked with their competitors, DNSMadeEasy and DNSimple to mitigate the issues and develop filters to prevent the specific type of attack
• Allan has used DNSMadeEasy for 10 years to handle high DNS loads and the fastest possible response times (anycast means low latency), Managed DNS with automatic Failover for critical domains, and secondary DNS for 100s of hosted domains
• EasyDNS has introduced a new feature called Proactive Nameservers – If you use EasyDNS has your domain registrar, for a monthly fee you can have them automatically adjust your list of active DNS servers based on availability
• The service will automatically removing downed name servers and replacing them with backups that are not publicly displayed until they are used
• This means that the attackers do not know where your backup name servers are, they only get added into the mix if the attack is large enough to disrupt your main name servers
• This service is designed to allow you to automate the use of multiple DNS providers, eliminating any SPoF
• EasyDNS has also introduced a feature to sync your DNS records to Amazon Route53 as a backup

Feedback:

• Questions for A & C

  • Case study: Switching from Linux to FreeBSD

• AD Replacement

• External Drive Array & FreeNAS?

• pkgng

• vBSDCon.com

Round Up:

• The NSA Is Commandeering the Internet – Bruce Schneier
• Android Java API ‘SecureRandom’ method does not generate secure random numbers or keys, leads to theft of bitcoins
• Health care law implementation delayed because insurance industry software cannot calculate and sum a patients out-of-pocket expenses
• Why I am not afraid of the Factoring Cryptopocalypse
• IBM Buys Israel/US Cybersecurity Specialist Trusteer For $800M-$1B
• UK Piracy filtering takes out legitimate sites like the RadioTimes and TorrentFreak
  
• Jamming Wars – With the increase in survailence will we see an increase in jamming tech, and laws against its use
• PuTTy 0.63 released fixes 4 critical security vulnerabilities