Slashdot Mirror

An anonymous reader writes: Researchers have found flaws that can be exploited to bypass hardware encryption in well known and popular SSD drives. Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password.

SSDs from Micron (Crucial) and Samsung are affected. These are SSDs that support hardware-level encryption via a local built-in chip, separate from the main CPU. Some of these devices have a factory-set master password that bypasses the user-set password, while other SSDs store the encryption key on the hard drive, from where it can be retrieved. The issue is worse on Windows, where BitLocker defers software-level encryption to hardware encryption-capable SSDs, meaning user data is vulnerable to attacks without the user's knowledge. More in the research paper.

An anonymous reader writes: Most of us are aware by now of the myriad internet games created not for their own sake, but as a marketing tool for another product. But we're not the target audience for these games — kids are. New research out of Radboud University found that two-thirds of all kids around primary school age play one of these games at least once a week, and almost none of them are aware that they're advertisements (abstract). Worse, the game-ads are really effective. "..shortly after playing a game with an embedded food advertisement, children ate 55% more of the candy offered to them than children who had played a game with an embedded toy advertisement." The researchers further add that "it does not matter whether the games are about candy or fruit: children eat more candy after playing a game involving food."

An anonymous reader writes: In 2012, three computer security researchers Roel Verdult, Flavio D. Garcia and Baris Ege discovered weaknesses in the Megamos chip, which is widely used in immobilizers for various brands of cars. Based on the official responsible disclosure guidelines, the scientists informed the chip manufacturer months before the intended publication, and they wrote a scientific article that was accepted for publication at Usenix Security 2013. However, the publication never took place because in June 2013 the High Court of London, acting at the request of Volkswagen, pronounced a provisional ban and ruled that the article had to be withdrawn. Two years ago, the lead author of a controversial research paper about flaws in luxury car lock systems was not allowed to give any details in his presentation at Usenix Security 2013. Now, in August 2015, the controversial article Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer that was 'banned' in 2013 is being published after all.

You may have read about this on Slashdot: Three researchers were going to present a paper next week at the USENIX Security '13 conference about security holes they found in one of Volkswagen's anti-theft systems, but a British court said they couldn't. One of the presenters works at a British university, and the court may have jurisdiction over him. The other two are not U.K. residents, and the Usenix conference is being held in Washington D.C., so jurisdiction questions are flying thick and fast. Amusingly, whether the paper is published and presented or not, the security holes and crack codes it is supposed to contain have been available on the Internet for quite a while, so bad guys who want to learn about them most likely have done so already. Then, last week, we heard that one of the presenters was going to show up at the conference and possibly ignore the injunction. Meanwhile, USENIX co-executive director Casey Henderson and EFF intellectual property director Corynne McSherry talked with Slashdot's Timothy Lord via Zoom and discussed this situation, and how this sort of problem might be prevented in the future.

bugsbunnyak writes "The 2010 Nobel Prize in Physics has been awarded for the discovery of graphene to Andre Geim and Konstantin Novoselov. Graphene is a novel one-atom-thick lattice state of carbon which has demonstrated unique quantum mechanical properties. These properties derive in part from the 2-dimensional nature of the material: quantum interactions are constrained to the effectively planar dimension of the lattice. Graphene holds promise for physical applications including touch screens, light cells, and potentially solar panels. Geim becomes the first scientist to achieve a Nobel prize despite earlier winning the highly-coveted Ig Nobel in 2000 for his studies of diamagnetic levitation — also known as The Flying Frog." Slashdot originally mentioned the frog almost exactly 10 years ago.