First Flaws in the Internet Banking Identified

Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts.
The attack is a result of a long-term cryptanalysis project carried out by Andrey Bogdanov (K.U.Leuven, visiting Microsoft Research at the time of obtaining the results), Dmitry Khovratovich (Microsoft Research), and Christian Rechberger (ENS Paris, visiting Microsoft Research).
The AES algorithm is used by hundreds of millions of users worldwide to protect internet banking, wireless communications, and the data on their hard disks. In 2000, the Rijndael algorithm, designed by the Belgian cryptographers Dr. Joan Daemen (STMicroelectronics) and Prof. Vincent Rijmen (K.U.Leuven), was selected as the winner of an open competition organized by the US NIST (National Institute for Standards and Technology). Today AES is used in more than 1700 NIST-validated products and thousands of others; it has been standardized by NIST, ISO, and IEEE and it has been approved by the U.S. National Security Agency (NSA) for protecting secret and even top secret information.

In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. In 2009, some weaknesses were identified when AES was used to encrypt data under four keys that are related in a way controlled by an attacker; while this attack was interesting from a mathematical point of view, the attack is not relevant in any application scenario. The new attack applies to all versions of AES even if it used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126. Even with the new attack, the effort to recover a key is still huge: the number of steps to find the key for AES-128 is an 8 followed by 37 zeroes. To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key. Note that large corporations are believed to have millions of machines, and current machines can only test 10 million keys per second.
Because of these huge complexities, the attack has no practical implications on the security of user data; however, it is the first significant flaw that has been found in the widely used AES algorithm and was confirmed by the designers.

New Spam Targeting Facebook Users Is Invisible to Most Virus Scans

Cyber-criminals are using fake e-mails to target Facebook users and deliver computer viruses that were being detected only by one-third of the 42 most common anti-virus products as of 12 noon March 18, says a leading cyber-crime researcher at the University of Alabama at Birmingham (UAB).
Gary Warner, the UAB director of research in computer forensics, says his team in the UAB Spam Data Mine has been tracking the Facebook spam campaign for the past three days. While it is not in the data mine's list of the top 10 most prevalent malware threats, Warner says the fake Facebook messages and related viruses are serious.
"The malware being delivered is called 'BredoLab.' It has been occasionally spread by spam since May of 2009," Warner says. "The UAB Spam Data Mine has observed at least eight versions of the Facebook BredoLab malware since March 16.
"What is troubling is the newer versions of the BredoLab used in this latest attack campaign are not being detected by the majority of anti-virus services -- and that means the majority of users who unwittingly click on the bogus attachments linked to fake e-mails are going to have their computers infected," Warner says.
In this new campaign, cyber-criminals are using regular Internet e-mail services to deliver the false Facebook messages to the social media site's customers. The spam messages ask recipients to open an attachment in order to obtain new Facebook login information. Clicking the attachment exposes a user's computer to the BredoLab malware.
"Once a computer is infected with BredoLab, the cyber-criminals are able to add any other malicious software they desire to the infected computer, including password-stealing software, fake anti-virus software and spam-sending software," Warner says.
Warner warns that any legitimate company would never ask a customer to update his or her personal account information in an e-mail or through e-mail-embedded links or attachments.
"If there are questions about one of your account profiles, visit the site in question through your Web browser and log in as you normally would," he says. "If an entity has an important message for you, you'll be able to find it on its Web page."

Nokia C2-03 - Dual SIM Meets Touch and Type

Nokia C2-03 combines Dual-SIM functionality with Touch and Type technology. A great phone for those who want to combine their varied ...

This phone is a touch and type, Dual sim and apparently a slider as well. We have mentioned its price in Pakistan, however its subject to change and affirmative price will be released once phone is out in the market in 3rd quarter of year 2011.Update: Phone is now released in Pakistan.
Size	Dimensions	103 x 51.4 x 17 mm
	Weight	115 Grams
General	2G Network	GSM 900 / 1800 - SIM1 - SIM 2 / GSM 850 / 1900 - SIM1 - SIM 2
	3G Network
	Announced	21/06/2011
	Status	Released in Pakistan
Display	Type	It has resistive Touch and Type TFT screen with 56k Resolutions
	Size	240 x 320 pixels and 2.6 inches
	Extra	-Hand Writing Recognition System
Ringtones	Type	Wav Ringtones, Mp3
	Customization	3.5 mm Audio jack- Loudspeaker
	Vibration	Yes
Data	GPRS	Class 12 (4+1/3+2/2+3/1+4 slots), 32 to 48 kbps
	HSCSD
	EDGE	Class 12
	3G	No
	WLAN	No
	Bluetooth	v2.1 which comes with A2DP
	Infrared port	No
	USB	microUSB v2.0
Features	OS	Symbian Series 40
	Messaging	Push Email, SMS, MMS, Emails
	Browser	WAP 2.0/xHTML
	Games	Downloadable and Play
	Colors	Golden White and Chrome Black
	Camera	2 MP with 1600x1200 pixels - QCIF@15fps Video
		-Dual Sim - FM Radio - FM Radio Recording - MIDP 2.1 Java - Easy Swap SIM support (no reboot required) - MP4/H.264/H.263 player - MP3/AAC/WAV player - Organizer - FlashLite support - Voice memo - Predictive text input
Memory	PhoneBook	1000 Enter
	Call Records	Yes
	Card Slot	microSD, that goes up to 32GB and 2GB included
	Shared Memory	10 MB Internal Memory
	Extra
Battery	Type	Standard Li-Ion 1020 mAh (BL-5C)
	Talk-Time	5 hours talk time, but Music play can go up to 37 Hours
	Stand-By	Supports 400 hours
Price	PKR	Rs. 8,500
	USD	$97.65
	Disclaimer. We checked details of this handset prior to listing it here, yet we cannot assure you on the authenticity of details, please let us know if you find discrepancies.