Another reminder that your encryption is only as secure as your keys:

Misleading blog post title aside, the fact is, ElcomSoft researchers did not crack AES-256, Luther Martin, a senior security architect at Voltage Security, wrote on the Superconductor blog on May 26. Digging deeper into Katalov’s post reveals that ElcomSoft researchers didn’t actually figure out a way to brute-force its way through the encryption, but circumvented the security measures altogether by obtaining the encryption keys stored on the device to unlock the data.

via iPhone 4 Encryption Remains Uncracked, but Password Keys Easy to Obtain – Security – News & Reviews – eWeek.com.

A quick summary of smartphone security:

Hackers Now Targeting Smartphones – Is Yours Next? by Mark Nestmann.

Just like the old “Check the security keypad buttons for wear” trick:

Security researchers from the University of Pennsylvania have highlighted a potential attack vector for accessing your mobile devices–the smudges from your fingertips.

In a paper (PDF) presented this week at the USENIX Security Symposium in Washington, D.C., the researchers revealed that oily residues on the surface of touch screens used on devices such as smartphones can be used to infer passwords.

via Smartphone Security Vulnerable to Touch-Screen Smudges, Researchers Report – Security from eWeek.

This’ll be very handy for small business owners and contractors.

Line2 gives your iPhone a second phone number — a second phone line, complete with its own contacts list, voice mail, and so on. The company behind it, Toktumi (get it?), imagines that you’ll distribute the Line2 number to business contacts, and your regular iPhone number to friends and family. Your second line can be an 800 number, if you wish, or you can transfer an existing number.

To that end, Toktumi offers, on its Web site, a raft of Google Voice-ish features that are intended to help a small businesses look bigger: call screening, Do Not Disturb hours and voice mail messages sent to you as e-mail. You can create an “automated attendant” —“Press 1 for sales,” “Press 2 for accounting,” and so on — that routes incoming calls to other phone numbers. Or, if you’re pretending to be a bigger business than you are, route them all to yourself.

via State of the Art – Line2 Allows iPhone Users to Sidestep AT and T – NYTimes.com.