Lost+Found: Tools for key crackers
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: 3D printers can produce handcuff keys, Adobe's Reader secures its sandbox, a program which allegedly discovers the secret keys for embedded devices from network traffic, zero day statistics and why it's good to answer your email in a timely fashion.
- Forbes reporter Andy Greenberg has accidentally enabled anyone with a 3D printer to produce copies of keys to Bonowi police handcuffs. Using a photo taken by Greenberg using his iPhone and included in an article, resourceful DIYers were able to create a 3D model of the key.
- Version 11 of Adobe Reader, which was released this week, contains a range of new and improved security functions. The sandbox can now impose rules on read access and Reader can also now force ASLR.
- LittleBlackBox claims to contain a database of secret SSL and SSH keys for embedded devices. Feed it recordings of network traffic (in the form of pcap files) and LittleBlackBox says it will extract public keys and spit out the corresponding secret key, though this is untested here – can anyone confirm it?
- According to a study by Symantec's Leyla Bilge and Tudor Dumitras, zero day exploits are frequently exploited for more than a year prior to disclosure. The study is based on data extracted from sources such as the company's internal Worldwide Intelligence Network Environment with the delightful acronym WINE.
- Well-known iPhone-jailbreaker Comex has ended his sojourn as an Apple employee after one year. He apparently failed to respond on time to an email offering to extend his contract.
(djwm)