Applied Cryptography, Cryptography Engineering, and how they need to be updated
Whoa, I had no idea my knowledge of crypto was so out of date! For example:
ECC is going to replace RSA within the next 10 years. New systems probably shouldn’t use RSA at all.
This blogpost is full of similar useful guidelines and rules of thumb. Here’s hoping I don’t need to work on a low-level cryptosystem any time soon, as the risk of screwing it up is always high, but if I do this is a good reference for how it needs to be done nowadays.(tags: thomas-ptacek crypto cryptography coding design security aes cbc ctr ecb hmac side-channels rsa ecc)
When ‘Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet – Forbes
Hardware designers do their usual trick — omit the whole security part:
[Trustwave’s Crowley] found security flaws that would allow a digital intruder to take control of a number of sensitive devices beyond the Insteon systems, from the Belkin WeMo Switch to the Satis Smart Toilet. Yes, they found that a toilet was hackable. You only have to have the Android app for the $5,000 toilet on your phone and be close enough to the toilet to communicate with it. “It connects through Bluetooth, with no username or password using the pin ‘0000’,” said Crowley. “So anyone who has the application on their phone and was connected to the network could control anyone else’s toilet. You could turn the bidet on while someone’s in there.”
(tags: home automation insteon security hardware fail attacks bluetooth han trustwave belkin satis)