Nikon IAS Cracked

May 3, 2011

The Nikon Image Authentication System has a simple enough mission – it is supposed to provide a cryptographically secure path from the camera to the newsroom, ensuring that any image used can be proven authentic.

Apparently, due to a weakness in the signing key storage in the camera, it doesn’t work. The key can be extracted and used to sign arbitrary image data, “proving” it legitimate.

Fallout in the Cloud

May 2, 2011

The recent Amazon cloud services outage has caused some consternation, especially among the customers who permanently lost data that they had entrusted to Amazon for safekeeping.

It is important to remember that one of the three pillars of information security is “availability”: that is, ensuring that your information environment is robust enough to survive catastrophic events and continue providing information resources to the people who need them. Clearly, simply handing over your business data to a third-party and then washing your hands of responsibility for it is not a valid practice.