(via Pascal M.)
Hackers operating under the name Anonymous launched massive distributed denial of service DDoS attacks against major Egyptian government websites, including the ones of the president, Egyptian state media, the military site Supreme Council of the Armed Forces SCAF and a site that promotes tourism.
SCADA software developer Siemens has ignored warnings and lied in at least one case about a serious security flaw that could allow hackers to take control of SIMATIC systems that manage industrial control systems, according to a coder for a different software company, who posted details about the incident in his blog.
A consortium of certificate authorities (CAs) and software vendors has released the first industry standard for the issuance and management of SSL certificates.
(via Pascal M.)
(via Pascal Mathieu)
*Speaker:* Yossi Oren, Tel Aviv University (Israel) *Title:* Tolerant Algebraic Side-Channel Analysis of AES *Date:* Tuesday, October 25, 11:00 *Place:* room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaitre, 4-6 - 1348 Louvain-la-Neuve *Abstract:* Classical power analysis attacks are difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable since they require many (typically thousands) of traces. Recently it was suggested by Standaert et al. to use algebraic methods for the single-trace scenario, converting the key recovery problem into a Boolean satisfiability (SAT) problem, then using a SAT solver. However, this approach is extremely sensitive to noise (allowing an error rate of well under 1% at most), and the question of its practicality remained open. In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. We call our new attack methodology Tolerant Algebraic Side-Channel Analysis (TASCA). We will describe the new methodology, its strengths and limitations, and finally show a full TASCA-based key-recovery attack on a microcontroller-based implementation of the Advanced Encryption Standard. --------- For a map of Louvain-la-Neuve: http://www.dom.ucl.ac.be/info_plan.html For a map of public parking lots: http://www.llnparking.be/