Silicon-level backdoor found in military FPGA

This paper describes a backdoor embedded in the silicon, not firmware, of a family of FPGAs used in military and industrial applications. The authors propose that a worm could be constructed to extract a key which can then be used to reprogram the device. Of course, hilarity then ensues, ranging from device self-destruction to the introduction of stealthy trojans.

Coming on the heels of the Flame malware, this is a great reminder of just how hard it is to field secure systems.


Dropbox Left User Accounts Unlocked for 4 Hours Sunday

At a time when hackers are on a tear looting information willy-nilly from insecure sites on the Web, Dropbox did the unthinkable Sunday — it allowed anyone in the world to access any one of its 25 million customers’ online storage lockers — simply by typing in any password.

Dropbox, one of the most popular ways to share and sync files online, says the accounts became unlocked at 1:54pm Pacific time Sunday when a programming change introduced a bug. The company closed the hole a little less than 4 hours later.

If you store files on Dropbox, and if those files contain anything important, encrypt them before placing them in Dropbox. It is the only way to secure your data in the cloud.