Maths whiz cracks wireless code

And you thought you had tough maths homework? Consider the work that went into cracking a secret code developed by Toronto-based Certicom, which makes wireless encryption software. It took the power of 10 000 computers running around the clock for 549 days, coupled with the brain power of a mathematician at Indiana`s University of Notre Dame, to complete one of the world`s largest single math computations.

Certicom had challenged scientists, mathematicians, cryptographers and hackers to try to break one of the encryption codes the firm uses to protect digital data. Notre Dame researcher and teacher Chris Monico discovered the solution. "I stared at it in mild disbelief for a while," he said. "I wanted desperately to jump up and down, but the mathematician in me said `You`d better double-check`."

However, a company spokesperson said the solution gave access to one person`s key, or identity, and cracked only a 109-bit key, whereas Certicom`s products start at a 163-bit key to protect data. Monico, who took up the challenge to "raise awareness of cryptography", will donate the bulk of his $10 000 prize money to the Free Software Foundation and the remaining $2 000 to the two men whose computers helped solve the problem. [Reuters]

The Organisation for the Advancement of Structured Information Standards (Oasis), the consortium of vendors and users which manage the development of the XML standard, has announced a version one release of Security Assertion Markup Language (SAML). TheRegister reports the SAML standard is an XML-based framework for Web services that allows the exchange of authentication and authorisation information. It also enables a host of interoperability functions such as single-sign-on.

SAML incorporates a number of industry-standard protocols and messaging frameworks, such as XML Signature, XML Encryption and SOAP. The specification can be integrated into standard environments such as HTTP and standard Web browsers. Other security environments can also use SAML as an authentication and authorisation layer. [TheRegister]

Kaspersky Labs has announced a new network worm with what the company calls a "considerable" payload. It is believed that the worm, named Roron, was built in Bulgeria and there are already six known variants of the worm circulating networks.

As far as destruction and threat goes, Kaspersky rates the worm`s ability to spread as dangerous and its destruction capabilities as high. The worm includes an ability to set up a backdoor into infected computers. Roron spreads through a number of communication channels including e-mail, local area networks and the KaZaA file-sharing network.

When penetrating a computer, the worm creates a copy of itself in the Windows system directory and program files and then registers one of these files in the system registry`s auto-run key. In this way the worm ensures its activation each time the system is booted.

This week`s TechNiche:
Sun`s 100-desktop Linux solution
Acclaim won`t go nude on PS2
Acer`s Tablet PC rolls out