PaulSpoerry.com

Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets. By reverse engineering the encryption they have successfully cracked into the botnet. They basically have the ability to create a fake Kraken server capable of overtaking a redirected zombie.

Essentially, TippingPoint can now overtake the infected system and cause it to connect to TippingPoint’s fake Kraken server and receive a command to kill the target process handing the communication. In other words, they CAN stop the spam spewing from these machines. The catch is, they would be sending remote commands to someone’s computer without their knowledge which has caused an ethical dilemma. If they send the commands and stop the spam they are basically hacking the infected computer to do something the end user doesn’t know about.

Personally, I say they send the commands… the computers are already infected. I can however see the issue they have, nobody wants their machine doing anything without their permission. They don’t want to be as bad as the bad guys.

Read more on the issue at eWeek.

 TrueCrypt v5.0 has been released.

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g.., file names, folder names, contents of every file, free space, meta data, etc).

New features:

• Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation.   (Windows Vista/XP/2003)
• Pipelined operations increasing read/write speed by up to 100%   (Windows)
• Mac OS X version
• Graphical user interface for the Linux version of TrueCrypt
• XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).

  Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.

• SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).

  Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select ‘Volumes‘ > ‘Set Header Key Derivation Algorithm‘.

Get TrueCrypt now.